About Us:

The FT has an uncompromising mission: delivering independent, quality information, news and services to individuals and companies around the globe. It’s the cornerstone of our reputation and the heart of our ambitions for the future. But for our people, the FT offers so much more than what we do. FT people come from all kinds of backgrounds and work across a huge range of disciplines and locations, and find empowering, warm and welcoming culture that values curiosity and rewards smart, ambitious thinking. Those who are willing to unite around our mission and live our values will find plenty to challenge, inspire and interest them. Like the audiences we serve, no two FT people are the same; but together we help our audience be better informed and understand the world around them. It’s a job that’s never mattered more, and a career that can take you anywhere you want to go.

Our commitment to diversity and inclusion in the workplace:

At the FT, we give all employees a voice so that diverse perspectives are heard and valued. We believe that a supportive workplace is one where employees feel they can be themselves at work. We'll continue to remove barriers for all, and in particular barriers facing employees from underrepresented groups.

About the role:

The Information Security Manager will be responsible for leading and coordinating information security governance, risk, and compliance activities across assigned business areas. The role will provide oversight of security controls, regulatory alignment, risk management, and stakeholder engagement, ensuring that information security practices support business strategy and global standards.

The position will be based in Manila and work closely with UK and international stakeholders.

Key responsibilities:

Information Security Governance & Risk Management

• Lead the implementation and oversight of information security policies, standards, and control frameworks, with reference to recognised industry standards/frameworks (e.g., ISO 27001, NIST CSF).
• Ensure alignment between business objectives and security, privacy, and regulatory requirements.
• Identify, assess, and manage information security risks, providing clear reporting and escalation where required.
• Support regional and global risk management processes, including risk register maintenance and remediation tracking.

Compliance & Control Assurance

• Oversee control assurance activities across systems and applications, ensuring appropriate security controls are implemented and operating effectively.
• Coordinate internal and external audit engagements, including preparation, evidence gathering, and remediation management.
• Maintain oversight of compliance-related system inventories and documentation.
• Track and report on remediation activities to ensure closure within agreed timelines.

Security Oversight of Systems & Data

• Collaborate with IT and business teams to maintain accurate data inventories and system documentation.
• Ensure appropriate data protection, classification, and handling practices are embedded in operational processes.
• Provide guidance on secure system design, implementation, and change management activities.

Stakeholder Engagement & Advisory

• Act as a trusted security advisor to regional business and technology stakeholders.
• Communicate security risks, control gaps, and compliance issues clearly to technical and non-technical audiences.
• Support business initiatives by providing security input during project planning and delivery.

Incident & Issue Management

• Support investigation and management of security incidents from a governance and compliance perspective.
• Ensure lessons learned and control improvements are captured and implemented.
• Escalate material risks or control failures appropriately.

Continuous Improvement

• Drive improvements in security processes, documentation, and assurance activities.
• Monitor regulatory and threat landscape developments relevant to the organisation and region.
• Contribute to the maturity and evolution of the information security programme.

Analytical & Reporting Capabilities

• Experience building executive-ready risk dashboards and metrics.
• Ability to translate technical findings into business risk narratives.
• Comfort working with structured reporting and KPIs/KRIs.

Standards, Frameworks & Assurance

• Working knowledge of additional frameworks (e.g., CIS Controls, COBIT, SOC 2, PCI DSS where relevant).
• Experience with PCI DSS compliance in  media, financial, or global organisations.
• Experience with Information Security Supply chain assurance life cycle design and implementation
• Familiarity with control testing methodologies and evidence-based assurance practices.

Scope & Seniority Indicators

• Operates with a high degree of autonomy.
• Responsible for regional coordination (Manila/APAC time zone alignment).
• Engages directly with senior technology and business stakeholders.
• Accountable for risk visibility and control assurance across defined domains.

Desirable:

• Exposure to GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, MetricStream or similar).
• Exposure to GRC Engineering tooling and practices.
• Foundational understanding of cloud security concepts (e.g., AWS/Azure control models).
• Understanding of data protection regulations (e.g., GDPR) and data lifecycle management.
• Experience supporting ISO 27001 certification or surveillance audits.
• Experience with regulatory environments relevant to media, financial, or global organisations.

What’s in it for you? Our Benefits:

Our benefits vary depending on location, but we are committed to providing best in class perks across all our offices as well as an inclusive environment to develop your career. Examples of our benefits include; generous annual leaves, flexible working (including working from home), health coverage (medical & dental), and company match and enhanced family leave packages. Full details of our benefits can be found here. 

Further Information:

The FT is committed to providing an inclusive working environment for all. We are an equal opportunities employer who seeks to recruit and appoint the best talent regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio-economic background, religion and/or belief. We also promote flexible working and will consider specific requests around flexibility for all roles where it can be accommodated. Please let us know if you require any adjustments as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements, or have any questions, please contact a member of our HR team who will be happy to help.

Why Join Us

This is a unique opportunity for a talented compliance professional to step into a high-visibility, hands-on role that blends operational responsibility with strategic influence. You'll be more than a contributor—you'll be a builder, shaping the frameworks and processes that support our global compliance objectives.

Whether you're a seasoned analyst ready for a bigger challenge or an emerging leader looking to expand your scope, this role offers the chance to grow with purpose and advance your career in a forward-thinking, high-impact environment.

About the Role

We are seeking a proactive, detail-oriented Compliance Sr Analyst to join our global Governance, Risk & Compliance (GRC) team. You will take ownership of key elements of our Continuous Monitoring (ConMon) program, partner with technical teams to track risks and improve control effectiveness, and maintain the common control framework (CCF) that underpins our security, privacy, and compliance posture.

This role is designed for someone who enjoys getting into the details while also thinking strategically about how to optimize compliance processes, scale efficiently, and contribute to audit readiness and regulatory alignment.

Key Responsibilities

• Own and evolve the enterprise-wide Continuous Monitoring (ConMon) program, ensuring that vulnerabilities are identified, tracked, and remediated, with accurate reporting and documentation.
• Conduct recurring control assessments to evaluate the effectiveness of technical, administrative, and operational safeguards, and use results to improve the CCF.
• Develop and maintain the Common Control Framework (CCF), ensuring alignment across regulatory and certification requirements (e.g., SOC 2, ISO 27001, PCI-DSS, NIST 800-53, DORA, C5).
• Manage the risk exception and deviation process, including intake, review, documentation, and tracking of compensating controls.
• Facilitate compliance syncs with internal teams, including Security, Engineering, IT, Legal, and Privacy. Drive action item closure, escalate risks, and promote visibility.
• Support audit and assessment readiness by aligning evidence to controls, updating documentation, and coordinating with process owners to demonstrate compliance posture.
• Maintain core compliance documentation, including policies, SOPs, control narratives, risk registers, and corrective action plans.
• Assist in incident response documentation, focusing on compliance impacts, reporting obligations, and post-incident reviews.
• Collaborate with Security and Engineering to review vulnerability scans and threat intelligence, helping assess risk exposure and prioritize remediation.
• Develop and manage compliance dashboards, metrics, and POA&M-style tracking to communicate program health and maturity.
• Continuously improve compliance processes, identifying automation opportunities, reducing manual tasks, and evolving the CCF to keep pace with a changing risk landscape.

Qualifications

• 3+ years of experience in compliance, audit, security assurance, or a related field within a technology or SaaS environment.
• Knowledge of major regulatory and industry frameworks (e.g., NIST SP 800-53, SOC 2, ISO 27001, PCI-DSS).
• Experience with vulnerability management, risk assessments, and control testing.
• Strong communication and collaboration skills with the ability to work across business and technical teams.
• Proven ability to manage multiple priorities, with attention to detail and a structured, documentation-driven approach.
• Bachelor’s degree in a relevant field or equivalent professional experience.

Preferred Skills

• Familiarity with tools like Tenable, Wiz, or other vulnerability scanners.
• Experience with GRC platforms (e.g., OneTrust, Drata, ServiceNow).
• Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor/Implementer.
• Knowledge of data protection regulations like GDPR, HIPAA, or DORA.

Company Benefits

• Company stocks
• Annual merit increase based on performance
• 15% night shift differential pay
• Paid Leave with Cash Conversion
• HMO with free dependents
• Retirement Plan
• Life Insurance
• While on work from home setup: Internet and meal allowance are provided
• Employee Assistance Program for mental and social well-being
• Government-mandated Benefits (SSS, PhilHealth, PagIBIG, 13^th month pay, Solo parent leave, Special leave for women)

#LI-MB1