Security Governance & Risk Leader

The Information Security Manager will be responsible for leading and coordinating information security governance, risk, and compliance activities across assigned business areas. The role will provide oversight of security controls, regulatory alignment, risk management, and stakeholder engagement, ensuring that information security practices support business strategy and global standards. The position will be based in Manila and work closely with UK and international stakeholders.

Information Security Governance & Risk Management

• Lead the implementation and oversight of information security policies, standards, and control frameworks, with reference to recognised industry standards/frameworks (e.g., ISO 27001, NIST CSF).
• Ensure alignment between business objectives and security, privacy, and regulatory requirements.
• Identify, assess, and manage information security risks, providing clear reporting and escalation where required.
• Support regional and global risk management processes, including risk register maintenance and remediation tracking.

Compliance & Control Assurance

• Oversee control assurance activities across systems and applications, ensuring appropriate security controls are implemented and operating effectively.
• Coordinate internal and external audit engagements, including preparation, evidence gathering, and remediation management.
• Maintain oversight of compliance-related system inventories and documentation.
• Track and report on remediation activities to ensure closure within agreed timelines.

Security Oversight of Systems & Data

• Collaborate with IT and business teams to maintain accurate data inventories and system documentation.
• Ensure appropriate data protection, classification, and handling practices are embedded in operational processes.
• Provide guidance on secure system design, implementation, and change management activities.

Stakeholder Engagement & Advisory

• Act as a trusted security advisor to regional business and technology stakeholders.
• Communicate security risks, control gaps, and compliance issues clearly to technical and non-technical audiences.
• Support business initiatives by providing security input during project planning and delivery.

Incident & Issue Management

• Support investigation and management of security incidents from a governance and compliance perspective.
• Ensure lessons learned and control improvements are captured and implemented.
• Escalate material risks or control failures appropriately.

Continuous Improvement

• Drive improvements in security processes, documentation, and assurance activities.
• Monitor regulatory and threat landscape developments relevant to the organisation and region.
• Contribute to the maturity and evolution of the information security programme.

Analytical & Reporting Capabilities

• Experience building executive-ready risk dashboards and metrics.
• Ability to translate technical findings into business risk narratives.
• Comfort working with structured reporting and KPIs/KRIs.

Standards, Frameworks & Assurance

• Working knowledge of additional frameworks (e.g., CIS Controls, COBIT, SOC 2, PCI DSS where relevant).
• Experience with PCI DSS compliance in media, financial, or global organisations.
• Experience with Information Security Supply chain assurance life cycle design and implementation.
• Familiarity with control testing methodologies and evidence-based assurance practices.

Scope & Seniority Indicators

• Operates with a high degree of autonomy.
• Responsible for regional coordination (Manila/APAC time zone alignment).
• Engages directly with senior technology and business stakeholders.
• Accountable for risk visibility and control assurance across defined domains.

Desirable

• Exposure to GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, MetricStream or similar).
• Exposure to GRC Engineering tooling and practices.
• Foundational understanding of cloud security concepts (e.g., AWS/Azure control models).
• Understanding of data protection regulations (e.g., GDPR) and data lifecycle management.
• Experience supporting ISO 27001 certification or surveillance audits.
• Experience with regulatory environments relevant to media, financial, or global organisations.

Benefits

Our benefits vary depending on location, but we are committed to providing best in class perks across all our offices as well as an inclusive environment to develop your career. Examples of our benefits include generous annual leaves, flexible working (including working from home), health coverage (medical & dental), and company match and enhanced family leave packages.

EEO Statement

The FT is committed to providing an inclusive working environment for all. We are an equal opportunities employer who seeks to recruit and appoint the best talent regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio-economic background, religion and/or belief. We also promote flexible working and will consider specific requests around flexibility for all roles where it can be accommodated. Please let us know if you require any adjustments as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements, or have any questions, please contact a member of our HR team who will be happy to help.