My role is to provide subject matter guidance to the Business Units on how to manage business continuity or information security risk(s) associated with 3rd party relationships. I perform systematic and consistent approach to identify, assess, and manage business continuity and information security risks associated with third parties throughout the lifetime of the relationship.

·  Demonstrate compliance to Information Systems (IS) Auditing Guidelines and Information Security Assessment Procedures.·  Conduct internal assessments for assigned business entity (e.g. projects, support groups, corporate functions, shared services, etc.) based on the ISO27001, ISO 22301, Contract Compliance, Client Data Protection (CDP) and other security related framework.·  Report all security incidents found during the conduct of internal assessment and report to person/s responsible for investigating the incident.· Ensure all issues or concerns that are not resolved are escalated to Team Lead· Ensure closure of the internal assessment issues and areas for improvement are recorded·  Participate and / or lead various team’s initiatives and continuous improvements· Assist the Operations Lead in the creation and maintenance of the yearly internal assessment plan.· Ensure internal assessment completion of all in scope business entities as specified in the assessment plan.· Provide regular updates to the Lead and/or Operations Lead on the status of the assessment; escalate issues for proper disposition and action.·  Review internal assessment reports for completeness, accuracy and compliance of Information Systems (IS) Auditing Guidelines.· Ensure internal assessment metrics is maintained at manageable level. Variances noted are assessed and mitigated.· Provide inputs/assistance in the resolution of internal assessment issues/concerns and provide updates to the Lead and/or Operations Lead.· Spearhead the internal assessment analysis and identify improvements based on root cause analysis (RCA) from the internal assessment gaps and recommend best practices.· Provide guidance to internal assessor on the analysis of gaps, action plans and assessment issues.· Identify areas for improvement on the processes and tools used in the internal assessment procedure.· Prepare the monthly internal assessment metrics and weekly status report.

Maintain and ensure currency and completeness of the ISMS documentation - Conducts center-wide risk assessments to identify vulnerabilities and come up with security controls to address those gaps. This is in collaboration with other stakeholder. - Provides assistance in completing client audit questionnaires - Helps the project understand and complete their business group’s information security implementation tasks and other security-related documents/deliverables. - Responds to business groups’ questions or concerns regarding information security and internal, external or client security audits. Systems Administrator - Add/delete/change users as per User Access Management Procedure - Grant access to users on a “need basis” - Perform review of Periodic Access Review conducted by PMO - Implement changes as per Change Control Procedure – Systems - Ensure that the documents in the repository/website are accurate and up-to-date - Provide functional support to editors/ authors - Execute actual upload of new documents and deletion/ archival of outdated ones ISMS Metrics Coordinator - Update the monthly InfoSec Metrics dashboard for the summary presented to ISF - Accomplishes the InfoSec Metrics Projects scorecard on a monthly basis and sends it out to Leadership- Escalate issues on monthly collection and presentation of InfoSec metrics reports - Analyze the security health of the Center - Continuously improve the selection, collection, generation and analysis of ISMS metrics - Upload, organize and archive ISMS metrics reports or files in the SharePoint repository ISMS Feedback Manager - Maintains and proposes improvements to the Mailbox - Oversee and manage all logged feedback in the ISMS feedback corner - Acknowledge feedback received - Answer questions if possible or delegate to the concerned team or SME

Field all incoming customer inquiries in a timely fashion, depending on the source, responds by answering each inquiry directly with data acquired through one of the search engines, or with data obtained elsewhere online. these sources may include databases, pdf files or other appropriate websites.