User:Cdregalario

Philippines National Bank – Dec 2007 to Present
VP – Information Technology Security and Control Division (ITSCD), Information Technology Group (ITG)

Develops and monitors ITSCD plans and budget requirements that align with changing security and quality requirements.

Ensures implementation and availability of updated and approved IS/IT Policies, Guidelines, Service Level Agreements, Operating Manuals and other IS/IT documentation in alignment with business requirements, regulatory requirements (local and overseas), best practices and global standards, not limited to the following: IT Security and Control Management; IT Governance; IT Risk Management; IT Project Management; System Development Life Cycle; IT Change Management; IT Outsourcing Management; Contract / Vendor Management; Service Level Agreement Management; IT Cost Allocation Management; Incident and Problem Management; Business Continuity and Disaster Recovery Planning, Testing and Implementation; IT Service Management; IT Performance Monitoring and Reporting.

On IT Governance Management: regular review and updates of the IT Governance Charter; management of the IT Governance Communication Plan; close monitoring of action items; management of board approval and IT Governance related documentation; escalation of IT risk related matters to the Risk Oversight Committee (ROC) and to the Board.

Information Security and Technology Risk Management: Closely coordinates with RMG and collaborates with IT and business units on the development and implementation of the Enterprise Information Security Management Policy Guidelines, Technology Risk Management and required Implementing Procedures.

Monitors and guides IT and business units in sustaining assurance to Information Security and Technology Risk Management by implementing the following: availability of information and IT asset inventory; conduct of risk assessment; implementation of required mitigating controls; monitoring of open risk items; escalation and reporting of critical risk items to management and board level; maintenance and availability of IS/IT risk management data and reports.

Continuous issuance of IS/IT Security Bulletins. Continuous IS/IT risk assessment and compliance checking against IS/IT Security and Controls for, among others: vulnerability assessment; review of security baselines for servers, databases, network devices and desktops; logical and password administration; patch management; application security; and physical security.

Actively participates in the development, monitoring and implementation of the bank-wide IS/IT risk assessment framework and the conduct of regular operations risk assessment and risk assessment for ICAAP.

Ensures compliance with change and project life cycle deliverables prior to implementation, and ensures orderly and controlled transitioning of systems and technology change.

Ensures implementation of security assurance with the prescribed IS/IT security requirements in all IS/IT assets prior to implementation.

Management of IS/IT Assurance to Compliance: Ensures IS/IT policies are updated and aligned with regulatory requirements. Manages audit requirements of internal auditors and regulators. Ensures regular conduct of IS/IT Policy and Guidelines Awareness. Manages and closely coordinates with IT and business units and internal/external auditors on the conduct of regular audits and required documentation. Collaborates with IT and business units in ensuring IS/IT Security Assurance to critical information and IT assets. Supports IT and business units in the conduct of process review and compliance assessment on issued IS/IT policies and guidelines. Recommends enhancements to IS/IT guidelines and operating procedures for noted deficiencies and areas for improvement. Manages IS/IT related issues, monitors their status and escalates significant concerns to IT Governance, ROC and the board.