User:Cdregalario
Philippines National Bank – Dec 2007 to Present
VP – Information Technology Security and Control Division (ITSCD), Information Technology Group (ITG)
Develops and monitors ITSCD plans and budget requirements that align with changing security and quality requirements.
Ensures implementation and availability of updated and approved IS/IT Policies, Guidelines, Service Level Agreements, Operating Manuals and other IS/IT documentation in alignment with business requirements, regulatory requirements (local and overseas), best practices and global standards, not limited to the following:
IT Security and Control Management; IT Governance; IT Risk Management; IT Project Management; System Development Life Cycle; IT Change Management; IT Outsourcing Management; Contract / Vendor Management; Service Level Agreement Management; IT Cost Allocation Management; Incident and Problem Management; Business Continuity and Disaster Recovery Planning, Testing and Implementation; IT Service Management; IT Performance Monitoring and Reporting.
On IT Governance Management: Regular review and updates of IT Governance Charter; Management of IT Governance Communication Plan; Close monitoring of action items; Management of board approval and IT Governance related documentations; Escalation of IT risk related matter to Risk Oversight Committee (ROC) and to the Board.
Information Security and Technology Risk Management: Closely coordinates with RMG and collaborates with IT and business units on the development and implementation of the Enterprise Information Security Management Policy Guidelines, Technology Risk Management and required Implementing Procedures.
Monitors and guides IT and business units in sustaining assurance to Information Security and Technology Risk Management by implementing the following: Availability of Information and IT asset inventory; Conduct of risk assessment; Implementation of required mitigating controls; Monitoring of open risk items; Escalation and reporting of critical risk items to management and board level; Maintenance and availability of IS/IT risk management data and report.
Continuous issuance of IS/IT Security Bulletins. Continuous IS/IT risk assessment and compliance checking to IS/IT Security and Controls for, among others: Vulnerability Assessment; Review of Security Baseline for servers, database, network devices, desktops; logical and password administration, patch management, application security, and physical security
Actively participates in the development, monitoring and implementation of bank wide IS/IT risk assessment framework and conduct of regular operations risk assessment and risk assessment for ICAAP.
Ensures compliance with change and project life cycle deliverables prior to implementation, and ensures orderly and controlled transitioning of systems and technology change.
Ensures implementation of security assurance with the prescribed IS/IT security requirements in all IS/IT assets prior to implementation.
Management of IS/IT Assurance to Compliance: Ensures IS/IT policies are updated and aligned with regulatory requirements. Manages audit requirements of internal auditors and regulators. Ensures regular conduct of IS/IT Policy and Guidelines Awareness. Manages and closely coordinates with IT and business units and internal/external auditors on the conduct of regular audit and required documentation. Collaborates with IT and business units in ensuring IS/IT Security Assurance to critical information and IT assets. Supports IT and business units in the conduct of process review and compliance assessment on issued IS/IT policy and guidelines. Recommends enhancements to IS/IT guidelines and operating procedures for noted deficiencies and areas for improvement. Manages IS/IT related issues, monitors their status and escalates significant concerns to IT Governance, ROC and the board.