Description
Program Overview
This course introduces the concept of GRC in the context of Cybersecurity. This course covers the importance of Governance in Cybersecurity for Financial Institutions, Practical and effective Information Security Risk Management and building a Cybersecurity culture.
Learning Objectives
At the end of this training, participants will be able to:
- Make sure that standardized procedures and methods are used for prompt and efficient response, documentation, analysis, reporting of incidents, and ongoing management.
- Improve the communication and visibility of incidents.
- Improve the business perception of IT with the help of a professional approach, so that incidents will be resolved and reported quickly.
- Line up incident management activities and prioritize them accordingly.
- Enhance and maintain user satisfaction without losing the quality of established service.
Target Audience
- Technology and Security Auditors
- Risk Management and Compliance Professionals
- Beginner to Intermediate Cybersecurity Practitioners
- Cybersecurity and Technology Risk leaders
Approach
- Pre-work (reading assignments)
- Lectures
- Breakout sessions (workshops)
- Plenary discussions
Target Skills Enablement
- Appreciation of Cybersecurity Governance
- Understanding of Cybersecurity Strategy and Business Alignment
- Conducting an Information Security Risk Assessment
- Selecting appropriate Security Policies
- Identifying security awareness training needs
Program Structure and Outline
- Cybersecurity Governance
- Overview
- Establishing the Cybersecurity Function
- Board and Senior Management Support
- Cybersecurity Roles and Responsibilities
- The Cybersecurity organization and constraints
- Cybersecurity Program and Strategy
- Information Security Strategic Plan
- Information Security Program
- Establishing Business Alignment
- Program Monitoring and Metrics
- Information Security Risk Management
- Overview
- Threat Modelling
- Vulnerability and Controls Assessment
- Risk Likelihood and Impact
- Residual Risk
- Information Security Risk Treatment
- Risk Ownership
- Risk Treatment Options
- Monitoring Techniques
- Risk and Control Reporting
- Cybersecurity Policies and Compliance
- Policies, Standards and Baselines
- The Information Security Policy
- Standards Management
- Baseline selection and enforcement
- Cybersecurity Culture Building
- Security Awareness Training
- Policies Enforcement
- Internal and External Collaboration
Resource Speaker:
MR. JAN MARTIN ENCINA
Director, Head of Information Security Governance & Operations of Maya PH
Jan brings with him 16 years of combined experience in Information Security, Risk Management, Compliance, Data Privacy and Audit. He has held various technical and leadership roles in fintech, banking, software, and telecommunications. Early in his career, he was part of two Big Four Accountancy Firms namely KPMG R.G Manabat & Co. and PwC Isla Lipana & Co. He topped multiple I.T. Audit and Security certification exams of Information Systems Audit and Control Association (ISACA) Philippines landing top 3 in the Certified Information Security Manager (CISM), Top 2 in the Certified Information Systems Auditor (CISA) and Top 1 in the Certified in Risk and Information Systems Control (CRISC). He is also a Certified Public Accountant (CPA). He was recently awarded by the Information Security Officers Group as the Best Senior Head for Security of the Year in Fintech Industry. He is currently affiliated with Maya Philippines Inc. as an Associate Director and Head of Information Security Governance Operations.
Schedule:
January 23, 2026 (Friday) 9:00 AM – 5:00 PM
Training Fee per Participant:
Member Institution – Php3,920.00
Non-Member Institution – Php5,040.00
*VAT inclusive