Head, Consulting and Project Services Department


Be #InGoodHands with Metrobank!


Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!


Position Title: Head, Consulting and Project Services Department


Job Summary:


  • Supports and guides the business units in implementing effective security controls in information system projects that aligns with their business objectives and within their accepted risk appetite
  • Evaluates and assess the security risks of application systems, turnkey solutions, and project implementation activities
  • Perform offensive security testing to identify system vulnerabilities


Role Exposure:

  • Serves as the information security subject matter expert in new systems projects to ensure that threats and security risks are identified, assessed and mitigated early in the application development life cycle
  • Establish the penetration testing / red team framework and processes
  • Ensures that application security controls are in place during solution design and that application security controls are validated to have been included in the design during testing
  • Manages the conduct of vulnerability assessment validations, security baseline compliance validations, and penetration testing during system project implementations
  • Ensures security vulnerabilities are identified and addressed in a timely manner before going “live” or in production and release security risk assessment report
  • Manages the conduct of periodic penetration testing of various production infrastructures and application systems including on-demand penetration testing of system enhancements
  • Develop strategy to establish Red Teaming exercises; establish the framework, processes and guidelines in conducting red team exercises
  • Maintain various risk assessment documentation (i.e., network diagram, data and process flow diagrams, threat-vulnerability-controls-risk worksheet, project SSRA, etc.)
  • Collaborates and coordinates with other ISD Departments to ensure that holistic ISD service is provided to internal customers
  • Proactively works with the Information Security Division Head in implementing programs for the continuous improvement of the bank’s information security environment
  • Manages utilization of resources within his/her department and performance of department officers and staff
  • Mentors security officers in conduct of their job function
  • Prepare department management and performance reports and other reports as required
  • Performs other information security governance, risk and compliance related duties and responsibilities as directed by the Head of the Information Security Division




  • Have extensive knowledge, understanding and experience on system development, IT Systems Architecture, Infrastructure Security, Server Security, Network Security, Database Security, Application Security, Communications Security, Data Security, High Level Code Review, Static and Dynamic Code Analysis, IT Security Risk Assessment, Vulnerability Assessment, Penetration Testing, Operations Security and secure cloud architecture, cryptography
  • Bachelor’s Degree in Computer Science or Information Technology and/or equivalent
  • Familiarity with various programming languages and secure coding best practices
  • Working knowledge of various bank processes
  • Preferably with IT security related certification such as CISM, CISSP, CISA, CEH (or equivalent) GIAC, GSEC, COMPTIA/SEC+, PCI-DSS, ISO-27001 LA, etc.
  • Well versed on various offensive security testing disciplines and methodologies
  • Can perform information security risk-based prioritization decisions, analyze business risk, and can articulate complex business/risk trade-off recommendations and decisions
  • Result-orientated in terms of disposition for corrective action to drive the remediation to reduce the risk exposure of the bank
  • Knowledgeable on various compliance and regulatory requirements (i.e., BSP, DPA, PCI-DSS, etc.)
  • People Management Skills: Ability to lead and work well with the team, internal, and external clients. Have good teamwork and collaboration skills: good team players with the ability to lead security initiatives.
  • Good Project management skills: to lead and manage accomplishments of assigned tasks/risk assessment activities.
  • Possess excellent time management skills, thrive in a fast paced demanding environment
  • Be a self-managed, self-starter with good organizational skills to include good follow-up skills
  • Be able to work under pressure on multiple assessments/projects simultaneously
  • Strong attention to detail, analytical, and problem-solving skills
  • Thinking logically and intuitively; strong learning agility with the ability to learn new processes/patterns
  • Good written and verbal communication skills: to effectively articulate and explain complex security topics in simple language, concise and easy to understand concepts.
  • Good presentation skills
  • Knowledge in using MS office tools such as PowerPoint, word, excel and project


Other Details:

Rank: Junior Officer

Unit: Financial and Control Sector / Information Security Group / Consulting and Project Services Department

Location: Metrobank Center, BGC, Taguig City