Hi, I’m

Maria Ned Urduja Garcia

IT Governance Professional
Quezon City, Metro Manila, PH

Summary

  • Bachelor of Science in Commerce, Major in Business Administration
  • MBCI Professional – Active Member of the Business Continuity Institute
  • CBCI Professional – Certified by the Business Continuity Institute
  • Over 22 years of comprehensive experience in Governance, Risk, and Compliance (GRC)
  • Over 18 years of specialized expertise in IT Governance, including Information Security, Enterprise Risk Management, Compliance, Business Continuity/Disaster Recovery, Environmental Health and Safety (EHS), and Audit
  • Proven leadership with over 2 years in a managerial role with direct employee management and over 7 years of direct team management
  • Extensive experience with over 10 years in Business Continuity/Disaster Recovery Consulting Services, ensuring organizational resilience and risk mitigation
  • Over 10 years of proficiency in Outsourced Service Delivery, managing vendor relationships and ensuring service quality
  • 4 years of dedicated service in Corporate Information Technology, supporting enterprise-wide IT initiatives
  • 4 years of experience in Sales Operations, contributing to operational efficiency and strategic sales support

Overview

24
years of professional experience
21
Certifications

Work History

Standard Chartered Group Services, Manila Incorporated

Vice President, Regulatory Technology Control Testing
09.2024 - Current

Job overview

  • Controls Testing team forms part of the first-line Group TTO technology risk monitoring, review and reporting processes which provides management with a view of the Design and Operational effectiveness of the control environment supporting the technology services operations and systems. The Control Testing services, and the related processes support the compliance of the Group Technology Policy and the related standards by performing periodic controls testing of processes, controls, metrics, and compliance across key control domains (KCD):
  • Workplace Services (Change Management, Incident Management, Problem Management and Event Management).
  • Technology Resilience.
  • Private Cloud Infrastructure (Database Back-up & Storage Management).
  • Software Engineering (eSDLC); and
  • Infrastructure Platforms and Facility Management.
  • Information and Cyber Security (ICS).
  • Performs governance review checkpoints to ensure compliance with regulatory and internal Standards. Interprets regulations affecting control standards and suggests methods of updating policies and practices that address any risk concern to maintain IT and regulatory compliance.
  • Execute the testing of key IT controls across the bank’s critical IT systems to help grow trust with clients and regulators and maximize risk reduction.
  • Provides planning, execution, reporting, governance, as well as advocating and imparting lessons and good practice to shape the design and implementation of key IT controls testing across all of the bank’s critical IT systems. In addition, determining whether these key controls are operating effectively via an evidence-based testing process.
  • Key responsibilities include:
  • Execute a consistent, sustainable, and re-performable technical control testing framework/methodology for the bank’s critical IT systems.
  • Support the provision of timely and accurate control testing to the respective risk forums across business and functions.
  • Promote compliance with the Bank’s risk framework and policies (e.g. ERMF-Enterprise Risk Management Framework and O&T RTF- Operational & Technology Risk Type Framework)
  • Support stakeholders in defining remediation actions to address identified control weaknesses and issues across critical IT systems, and associated processes.
  • Track issue remediation, check and challenge delivery status and escalate delays.
  • Identify opportunities for automation of controls testing.
  • Key Responsibilities
  • Strategy
  • Awareness and understanding of the T&O and Resilience strategy and their implications on risk management and Resilience’s Risk profile.
  • Maintain effective relationships with stakeholders to facilitate:
  • Effective key IT controls testing.
  • The provision of timely, expert advice and assurance; and
  • Partnerships with other functions to provide professional advice and assurance.
  • Processes and Platforms
  • Support the continuous improvement of risk and control processes, aligning to and avoiding duplication with other assurance functions.
  • Understanding of Regulatory control requirements (i.e. UK ACG), and platform environments for the control implementation (i.e. familiarity with On-Prem, Cloud and DevOps environment)
  • People & Talent
  • Provide proactive self-orienting and self-motivating leadership, and work with limited direction.
  • Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
  • Cultivate the right mix of SME and risk & control skills.
  • Risk Management
  • Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
  • Perform control tests and assurance reviews to identify gaps in the risk profile and areas for enhancement.
  • Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
  • Provide robust challenge and escalation to senior stakeholders to ensure issues are addressed and root causes identified.
  • Manage and drive continuous improvement of the IT control environment through proactive risk management.
  • Oversight of risk appetite and other Group metrics.
  • Oversight of risk events and associated reporting and logging / tracking of risk issues.
  • Providing support and risk advice to Resilience teams
  • Governance
  • Tracking and reporting of risk assessments (e.g. audits, risk assessments etc.) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
  • Work with the Application/Service Owners of critical IT systems to identify emerging IT risks and ensure they are appropriately addressed by relevant technical controls.
  • Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
  • Provide timely and accurate risk & control information to support regulatory meetings and RFIs.

Hewlett Packard Asia Pacific LTD (Hong Kong) ROHQ

Manager, Digital Assurance
07.2021 - Current

Job overview

  • Drives Growth and Strategy. Provides inputs to win deals and deliver on growth agenda by understanding our capability offerings. Understand market opportunities.
  • Manages Business Financials to meet targets for the Service line organization; Manage Demand and Supply. Understands and control financial impact to business operations.
  • Manages workforce plan and overall lifecycle of resource management and overall operational support for the Security Service Line across all Accounts / Clients.
  • Provide guidance and support to day-to-day Security SL Operations for Security Risk Management and Digital Identity Team
  • Collaborate with Global/Regional/Local Management
  • Engages in various corporate projects and initiatives for GIDC PH – Global Innovation Delivery Center - i.e. BCMS, ISMS, ERM. Liaise with all functional Security areas to develop and maintain ISO/CMMI program for the service line.
  • Manager- Security Risk Management Operations, SRM – Digital Assurance
  • Responsible for the flawless team delivery of the Security Risk Management capability services across technologies and businesses.
  • SRM Security Delivery Team function includes the following:
  • Develop a strategic relationship with the client based on trust, delivery and execution in order to drive service excellence and delivery success.
  • Develop a thorough understanding of the client’s business and IT Security Risk & Compliance Management strategies; and deliver MSS accordingly.
  • Ensure that MSS capabilities are provided maximum opportunity to support account expansion goals, including assisting in opportunity identification; strategy and service offering development.
  • Strive to become a trusted advisor to the client, either providing expert technical advice themselves, or bringing in subject matter experts where appropriate from both within and outside DXC
  • Create client specific Account Security plan, handbooks and supporting documentation.
  • Work with the DXC Account Delivery Lead (ADL) on Security Service delivery and security operational matters and directly support the Client Partner (CP) or Account General Manager (AGM) on security and compliance matters affecting the account.
  • Coordinate the investigation, management, and response to all security incidents with impacts to the account and keep apprised of all security incidents and response in other regions.
  • Coordinates vulnerability assessments, audits and other security scans on the customers IT infrastructure as per contractual requirements
  • Provides oversight of DXC user account administration, Identity and Access management services, validates access credentials, and reviews access control list eligibility.
  • Develops and promulgates account security and compliance policies and procedures to all DXC personnel supporting the account as well as subcontractor personnel and suppliers.
  • Provides regular security reports to the client and the DXC account as required by contractual commitments or as operational conditions dictate.
  • Manager- Identity and Access Management Operations, Digital Identity
  • Responsible for the flawless team delivery of the Identity and Access Management-IAM services across technologies and businesses.
  • Develops and engages the team. Provides capability building support role. Provides team leadership and coaching based on management direction. Ensure deliverables are met and supports in overall employee lifecycle performance management and excellent customer service.
  • Engage in demand and strategy discussions to ensure the IAM requirements, operational and business impact, tools and skillset capabilities are equally considered.
  • Review and respond to RFP, Review contractual requirements and solutioning discussions.
  • IT Compliance Officer, Security Risk Management
  • Provides knowledge and experience in the various core Information Security domains i.e. Security Strategy Risk and Compliance
  • Lead the review and remediation of security compliance activities for all systems managed by DXC. Duties include:
  • Review the configuration compliance data and validate it against DXC/Account standards.
  • Work with relevant stakeholders to oversee the remediation lifecycle.
  • Working with the DXC GRC team, as part of the CSA (Customer Service Audit) process perform checks to confirm key security controls are operating as intended.
  • Manage IT security issue and risk process. Engage with stakeholders to identify, assess and document issues and risks that exist within cyber security delivery teams and across the enterprise thru end-to-end Enterprise Security Information System (ESIS) tool.
  • Assist in the overall Operational Risk Management Framework that includes working with Technology Delivery teams to identify and assess risks and associated internal controls to help understand residual risks exposure with the business.
  • To monitor the progress of evidence collection and act as a co-ordination point with the DXC GRC team, external auditors and the DXC account teams; various Audit includes internal and external audits – QEX, SOC 1 and SOC2, PCI-DSS, Merchant Audit.
  • Lead in the implementation of audit remediation actions with all stakeholders.
  • Assist the ASO/SDL with Monthly governance reporting.
  • Maintain and update as required (in conjunction with the relevant delivery teams) the security compliance documentation required to support the security certifications held by the account, including 27001 / ISMS and PCI DSS
  • Provide advice and consult with delivery teams across the account on how to achieve / maintain security compliance.
  • Assist ASO/SDL and CSO with additional duties as delegated.

Enterprise Services (AP) Limited, Philippines (ROHQ) Regional Operating Headquarters

Technology Consultant- Team Lead, Continuity Services-Service Continuity Management
11.2011 - 09.2024

Job overview

  • Provides team leadership and coaching based on management direction. Helps direct the team on the tasks at hand i.e. Project/customer service delivery requirements and provides necessary onboarding training, account and process familiarization.
  • Works with Functional Managers to obtain necessary resources to support the team’s requirements, ensure deliverables are met and supports in people/performance management.
  • Technology Consultant, Continuity Services-Service Continuity Management
  • Reporting to APJ Continuity Services Manager
  • Service Continuity delivery role includes Business Continuity Consulting, Customer IT Service Continuity Management or Disaster Recovery Environment Readiness, Change & Release Mgmt oversight, Governance and Risk management and mitigation, Customer Service Recovery Execution incorporating execution of contracted DR testing exercises and Co-ordination of system recovery in case of actual disaster activations.
  • Responsible for the overall ongoing Business Continuity Management, Disaster Recovery Management/ Service Continuity Management steady state of HP/HPE/DXC Enterprise Service IT Outsourcing Accounts. The environment will vary upon customer requirements. Work includes
  • Effective governance of Change Management activity, Continuous review and improvement of IT Service Continuity plans and procedures, Implementation of a set of workplace behaviors that align with a transformed, ITIL-based process set, Recovery Control Centre Leadership and Co-ordination and Workload assignment and management.
  • Operational responsibilities include:
  • Develop, maintain and implement the Business Continuity/BC Plan and IT Service Continuity Plan/IT DR Plan
  • Perform Business Impact Analysis and ensure understanding of Business operations and Continuity requirements.
  • Ensure all have current Recovery procedures for all functions and systems.
  • Coordinate and align Business Continuity and Disaster recovery strategies across stakeholders.
  • Manage Change activity in accordance with risk profile and BC/DR impact analysis.
  • BC Plan/ ITSCM Plan maintenance
  • Educate all stakeholders in roles and responsibilities for BC/ ITSCM Plan
  • Exercise and Execute the Business Continuity and IT Service Continuity Plan/IT DR Plan
  • Prepare and co-ordinate all to be ready for BC/DR Exercises, including resource allocation, environmental readiness and deployment plans.
  • Run Recovery Control Centre (RCC) Command Centre operations, including systems flight check, Applications, Connectivity and Incident Management capabilities.
  • Perform rehearsal postmortems and evaluate the team’s performance during the BC Exercises and recovery rehearsal.
  • Continually seek improvements in the recovery process, reduction in customer costs and improvement in customer recovery times (faster, better, cheaper)
  • Manage Service Continuity Escalation
  • Develop, maintain and communicate BC and DR risk register.
  • Escalate threats in accordance with severity.
  • Interface with Incident Management teams as required to ensure maximum decision lead time on disaster deployment.
  • Manage full lifecycle of Professional services engagements from scoping estimates, Scope of Work and proposal creation to delivery and implementation of consulting project/services for Business Continuity and Disaster Recovery; have held and managed T&T (Transition and Transformation) Projects responsible for leading the transition and transformation of new accounts into ongoing SCM steady state environment.
  • Responsible for direct client engagement on a regular basis to monitor and report progress of agreed scope of work, conduct regular review of performance metrics and review improvement of service offerings.
  • Work includes representing HPPC as BU Coordinator for HP Philippine Crisis Management Team and EHS Committee Member for the Local HP Environmental, Health and Safety Organization; Overall tasks would include the following but not limited to rolling out and driving Crisis Management Plan, Business Recovery Strategies, Crisis Management Orientation and Exercises, and Coordinate Life Safety and EHS Activities and Projects.

Siemens Inc.

Information Security Officer, Information Technology
10.2007 - 10.2011

Job overview

  • Reporting to Country VP and Head of IT and ASEAN Cluster Corporate Information Security Officer (CISO)
  • Regular reporting on the status of Information Security to the CISO of the Asian Cluster.
  • Responsible for the implementation and application of information security guidelines and related strategies. Monitors and audits the compliance to these guidelines.
  • Information Security Management: Increase awareness for IS through proper communication of main IS topics and concerns and the implementation of proper InfoSec measures.
  • Coordination of Information Security Trainings/measures within Siemens to familiarize employees and management with IS standard and guidelines.
  • Drives the weak point analysis and supports the management in the implementation of appropriate InfoSec measures.
  • Monitors, minimizes, and removes risks and escalates in incident situations. Supports employee and manager in the usage of IS tools.
  • Coordinates fulfillment of IT Audit requirements. Lead in the implementation of audit remediation actions with all stakeholders within IT team and coordinate evidence collection.
  • Preventive Crisis Management: Responsible for maintaining the Business Continuity and Disaster Recovery Plans and Coordinates BCP tests/exercises. This will include Documentation, Process Change, Incident Management, Communications, Coordination, Training and Testing Activities of BCP/DRP.
  • Enterprise Risk Management Coordinator: Responsible for the Identification, Assessment, and Remediation, Monitoring and Reporting of Risk and Deficiency for IT.
  • IT Compliance Coordinator: Responsible for implementing and updating all compliance related and Compliance Control Framework control activities with regular coordination with Country Compliance Office; Responsible for submission of all necessary reports and business-related controls for IT; Responsible for collection and safekeeping of documentary evidences/files for Audits and investigations and attendance to regular meetings and trainings organized by Country Compliance Office for IT.
  • License Manager, Software Asset Management: Responsible for ensuring that the installed software on all employee workplace computers is licensed accordingly via use of IT corporate service tool worldwide; Regular scanning of computer assets and facilitates checking and remediation for unauthorized use or unlicensed software installations.
  • Environmental Protection, Health Management & Safety Coordinator: Responsible for ensuring the EHS, Product & Occupational safety standards within IT and assigned specialist for Disaster Preparedness as aligned with PCM team and support on all related tasks including assessment/audit requirements.

Fritz & Macziol Asia Inc.

Executive Assistant and Sales Operations Support
07.2006 - 10.2007

Job overview

  • Reporting to the General Manager; Supports him in all aspects of his role.
  • Provides Sales Operation support to perform wide range of functions relating to Purchasing, Deliveries, Bidding, Canvassing and Collection.
  • Creates Sales Forecasting Report for management review and analysis.
  • Assists in ensuring compliance with IBM Philippines Inc. Business Partner Code of Conduct being its premier business partner and or Solution Provider; Work includes reviewing IBM Sales Plan and maintaining access to some of IBM Partner tools in IBM site such as Partnerworld, PartnerCommerce and Partnerworld Lead Management; Access to these tools are required for business transactions to be fulfilled.
  • Updates and Maintains IBM Partnerworld access in areas relating to employee profile, & certifications, as well as in Purchasing through PartnerCommerce and Order tracking through the Order Status Online (OSOL) system.
  • Updates and maintains Partnerworld Lead Management tool; Responsible for managing all leads/pipeline opportunities entered into by the company.
  • Updates and Maintains access to IBM Global Partner Portal, a tool for registration/application of transactions which are eligible for Software Value Incentive Program. In charge of SVI application process as well as in the Claim and Payment Process.
  • Supports the Finance Manager in the Accounting & Finance process; Works include but not limited to preparing checks, maintaining account balances/account passbooks, maintaining reports for check releases to name a few.
  • Performs wide range of functions in general office/service administration; Work includes but not limited to Petty Cash Management and Office Logistics requirement to name a few.

Ecoline Systems Corporation

Sales Operations and Administrative Assistant
02.2006 - 06.2006

Job overview

  • Provides administrative and sales support to Storage Managers and Channel Officers; Work includes preparation of Accreditation documents, Sales proposals, Contracts and other related documents.
  • Updates and maintains IBM Partnerworld access; Work includes updating employee’s profile, updating Sales and Technical Certifications, uploading orders in the system and tracking sales orders and delivery. Work closely with Customer Fulfillment Team of IBM Philippines Inc. to ensure processing and delivery of orders.
  • Provides Marketing assistance to Channels Team. Support provided includes Telesales work.

IBM Philippines Inc.

Sales Operations Support, IBM Software Group
04.2004 - 02.2006

Job overview

  • Provides administrative and sales support to Software Country Manager, Local Sales Team and their Regional counterparts.
  • Creates Forecast Summary and Detailed Pipeline Roadmap for daily submission to Local and ASEAN Software Team. Sales Forecast reports include consolidation of pipeline data from Sector and Brand Sales Representatives; Calls on Sales team for pipeline/forecast details as necessary; Determines and highlights revenue gaps between forecast and revenue results.
  • Updates and maintains Sales Forecast reports on a daily basis in support to the Country Managers Weekly Reviews with Sector and Brand Group, with other Business Unit Executives, and with his ASEAN Forecast Review with the Regional Leaders; Prepares presentation file in addition to the Sales Forecast reports as needed; Attends weekly COR meetings with the Local Sales Team for pipeline discussion and updates.
  • Coordinates with both Local and ASEAN Team on matters relating to Software Revenue or Financial Results; Assists Customer Support Operations in loading orders and ensures proper crediting of revenue.
  • Performs and or assists in various IBM Processes necessary to support Software Business such as IBM Customer Number Request, Tax and Credit Approval Request, Special Bids Request, Software Evaluation Copy Request, RFE and FOE Request, Bond Request and any Fastpass/Passport Advantage Program related matters to name a few.
  • Maintains and updates CRM Siebel database for SW Sales Performance Management and Leads Management; Needs to track Sales Cycle Progression, Leads Generation, BP Leads Passing and Leads Acceptance and performs all of these as requested by Sales team; Ensures Sibley target is attained.
  • Supports IBM Business Partners (Distributors and Resellers) in all their needs and concerns relating to Software Business such as Purchase Orders, IBM Price levels, Purchase records and BP Certifications to name a few.
  • Assists in Marketing Activities and support as back up to Software Group’s Business Center when needed.

BCNY Corporation

Office Staff, Production Group
08.2003 - 02.2004

Job overview

  • Provides secretarial support and assistance to the production team.
  • Manage allocation of Job Order projects to Subcontractors; Coordinates with them regarding production; Negotiates on pricing and monitors completion and delivery.
  • Responsible for checking counter receipts and prepares request for check preparations.

Sykes Asia

Customer Service Representative, Telecom Team
05.2003 - 07.2003

Job overview

  • Provides Customer Management Solution through telephony services to top fortune companies abroad.

Cebu Pacific Air

Trainee for Treasury Bills Department
04.2002 - 05.2002

Job overview

  • Provides support in administration and records management.

Education

University of Santo Tomas

Bachelor of Science in Commerce, Major in Business Administration
03-2003

University Overview

GPA: General Weighted Average Grade of 1.84; short of the 1.75 Cum laude grade status

La Consolacion College

Third Honorable Mention, Secondary Education from Top 5 of Batch ‘99
03-1999


Isabelo delos Reyes Elementary School

Third Honorable Mention, Primary Education from Top 5 of Batch ‘95
03-1995


Skills

Crisis Management

Disaster Recovery/ Technology Resilience

Business Continuity

IT Governance (ie COBIT, ITIL, NIST, ISO/IEC 27000, CMMI, ISO22301, ISO 9001)

Project Management (ie PMI PMBok)

Enterprise Risk Management (ie COSO)

IT / Technology Audit

Certification

7 Habits of Highly Effective People, Ateneo Graduate School.

Competencies

  • Good Communication Skills
  • Results Driven and Self Motivated
  • Strong sense of ownership. Dependable and can work with minimum supervision.
  • Ability to multitask across high priority/high visibility efforts.
  • Flexible and very much willing to learn.
  • Creative and Resourceful
  • Team Player. Good Interpersonal Abilities

Timeline

Vice President, Regulatory Technology Control Testing
Standard Chartered Group Services, Manila Incorporated
09.2024 - Current
Manager, Digital Assurance
Hewlett Packard Asia Pacific LTD (Hong Kong) ROHQ
07.2021 - Current
Technology Consultant- Team Lead, Continuity Services-Service Continuity Management
Enterprise Services (AP) Limited, Philippines (ROHQ) Regional Operating Headquarters
11.2011 - 09.2024
Information Security Officer, Information Technology
Siemens Inc.
10.2007 - 10.2011
Executive Assistant and Sales Operations Support
Fritz & Macziol Asia Inc.
07.2006 - 10.2007
Sales Operations and Administrative Assistant
Ecoline Systems Corporation
02.2006 - 06.2006
Sales Operations Support, IBM Software Group
IBM Philippines Inc.
04.2004 - 02.2006
Office Staff, Production Group
BCNY Corporation
08.2003 - 02.2004
Customer Service Representative, Telecom Team
Sykes Asia
05.2003 - 07.2003
Trainee for Treasury Bills Department
Cebu Pacific Air
04.2002 - 05.2002
La Consolacion College
Third Honorable Mention, Secondary Education from Top 5 of Batch ‘99
Isabelo delos Reyes Elementary School
Third Honorable Mention, Primary Education from Top 5 of Batch ‘95
University of Santo Tomas
Bachelor of Science in Commerce from Business Administration