Lead, Governance, Risk & Compliance (GRC)
About the Job
Location: Makati
Corporate Title: Manager
Work Arrangement: Hybrid
Our Information Security and Data Privacy team is looking for experienced professionals to join us in Makati in the role of Governance, Risk & Compliance (GRC) Lead.
In this role you will serve as a key member of the Governance, Risk & Compliance team, reporting directly to the Head of GRC within the Governance & Assurance Division. You will execute information security governance, risk management, and compliance initiatives to ensure adherence to regulatory requirements and industry standards.
Your dream. Our focus.
East West Banking Corporation (EastWest) is one of the largest universal banks in the Philippines, and is committed to continuously investing in people and in process, product, and service enhancements, and to embracing new ideas to enhance the EastWest experience.
We empower our employees to drive their careers and are committed to providing the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team, and a workplace that promotes development and goal attainment.
Whether you're just starting out, or already a seasoned professional, EastWest can help you unleash your potential, and bridge the gap between dream and success.
What the role will entail
- Implement and enhance information security governance frameworks aligned with organizational objectives and accountability structures.
- Identify, assess, and prioritize information security risks, and develop action plans to mitigate and manage those risks.
- Ensure compliance with regulatory requirements and industry standards through ongoing monitoring, audits, and assessments.
- Develop, update, and communicate information security policies, standards, and procedures across the organization.
- Promote organization-wide understanding and adherence to security policies and best practices.
- Lead training and awareness initiatives in collaboration with the training team to strengthen security culture.
- Support incident response planning by integrating governance, risk, and compliance requirements into response processes.
What we're looking for
- Bachelor's degree in Computer Science, Information Technology, or any related field
- At least two professional security certifications (e.g., CISSP, CISM) with hands-on experience in PCI-DSS, ISO 27001, NIST, and data privacy program implementation.
- Proven experience in information security, cybersecurity, IT risk management, or related roles, preferably within banking or similar regulated environments.
- Demonstrated ability to manage and lead small to mid-sized teams with strong people leadership skills.
- Excellent verbal and written communication skills, including technical documentation and stakeholder communication.
What you can expect from joining our team
- Career development and training opportunities
- Competitive salary package and benefits
- Performance-based incentives and recognition programs to reward high-performing individuals
- Opportunity to work with industry experts and be mentored by them
- Defined career progression paths to guide you in your professional growth