IT | Information Security and Compliance Sr. Specialist (ROHQ 2025-002)

The Information Security Consultant will oversee the establishment and maintenance of a corporate-wide information security framework, ensuring all assets are protected and compliant with legal, regulatory, and privacy requirements. They will lead risk assessments, audits, and penetration testing, while also managing security incidents, business continuity, and disaster recovery efforts. This role requires strong leadership, communication, and collaboration skills to effectively work with internal and external teams, vendors, and stakeholders to ensure the highest standards of information security and risk management.

Qualifications:

• Bachelor’s Degree in Information Technology or equivalent; with an information security certification such as CEH or Cybersecurity, a minimum of relevant experience is required
• Minimum 3-5 years of Information Security/Cyber Security experience
• Experience in IT Audit
• Experience in Vulnerability Assessment and Penetration Testing
• Experience with common information security management frameworks such as ISO 2700x, ITIL, COBIT, PCI DSS
• Experience in Project Management, Agile, and DEVOPS methodologies preferred
• Experience in IT Service Management
• Able to work independently and as a self-starter
• Excellent verbal and written communication skills

KNOWLEDGE/SKILLS REQUIRED

• Functional / Technical Competencies

Act as Functional Consultant to the business

Risk mitigation and management

Working knowledge of Security Controls Framework

Collaborative and effective team player

Experience working with outsourced service providers and vendors

Ability to work and communicate with all levels of employees both local and global within the CITADEL Group

• Behavioral Competencies

1. Strong analytical and problem-solving skills
2. Proactively look for service improvement opportunities
3. Strong partnership building and influencing skills
4. Good team player and effective in building good relationships with internal and external teams

• General Competencies

1. Visible Leadership
2. Customer Focus
3. Flexibility
4. Decisiveness
5. Personal Integrity
6. Interdependence
7. Change management

LICENSE/S OR CERTIFICATIONS REQUIRED

Information Security Certifications Preferred, such as CEH

Duties and Responsibilities:

• Overall accountable for establishing and maintaining a corporate-wide information security controls framework and program to ensure CITADEL and Operating Company information assets are adequately protected
• Responsible for identifying, evaluating, and reporting on information security risks that meet compliance, legal, regulatory, data privacy, and records management requirements in all territories where CITADEL Operating Companies operate
• Responsible for defining information security policies, standards, and tools, overseeing all IT related risk management activities
• Lead assessments and assurance activities related to availability, integrity, and confidentiality requirements of any IT related system and process
• Provide technical solution advice and consultancy from a security perspective
• Lead representative to manage any internal and external audits conducted on or for any of CITADEL’s operating companies, including interface to all IT departments
• Manage security incidents and events to protect corporate IT assets and data in conjunction with other IT delivery team leads
• Develop and oversee effective business continuity and disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services and systems are recovered in the event of a security event or disaster
• Ensure Business Continuity and Disaster Recovery Plans and solutions are tested at a minimum on an annual basis or must arrange and receive an approved business risk acceptance in case of any deviation.
• Ensure timely reporting and management of any information security breaches
• Conduct regular, pre-defined, and spot assessments and audits to ensure compliance by operations teams to information security policies, standards, and guidelines; where necessary, lead activities related to penetration testing and other activities to test the strength of CITADEL’s information security
• Oversee and manage actions to completion resulting from any information security assessment and audit, including working with other teams to complete such actions and mitigations

About CITADEL Pacific

CITADEL Pacific Ltd. (CPL) is a diversified private holding company with operations in the Philippines, Hong Kong, Macau, the Republic of Palau, the Commonwealth of the Northern Mariana Islands, and the US Territory of Guam.

Its holdings range from controlling stakes in companies engaged in telecommunications, retail, petroleum and gas distribution, commercial, and industrial property, in-flight catering, and manpower services. Recent acquisitions entering Solar and Data Center businesses position CITADEL to future-facing and fast-growing industries in renewable energy and digital infrastructure.

We offer a competitive total rewards package which includes a base salary determined by factors such as role, experience, skill set, and location. Additionally, eligible employees may receive discretionary bonuses based on both company performance and individual achievements. Our benefits and programs are designed to meet the needs of our employees and are benchmarked to the market. Detailed information regarding compensation and benefits will be shared during the hiring process.