Learn Data Skills
Beta
Israel Magbag

Israel Magbag

Certified

Data Protection and IT Compliance Department Head

Bank of Commerce

Technologies

My Portfolio Highlights

My New Track

Google Sheets Fundamentals

My New Course

Introduction to Python

My New Track

Google Sheets Fundamentals

Insightful puzzle solver, piecing together data fragments to reveal the big picture.

My Work

Take a look at my latest work.

course

Introduction to SQL

course

Understanding ChatGPT

course

Introduction to Python

course

Introduction to SQL

My Certifications

These are the industry credentials that I’ve earned.

Data Literacy

Data Literacy

Other Certificates

ISACA Certified Information System Auditor

DataCamp Course Completion

Take a look at all the courses I’ve completed on DataCamp.

Courses

Introduction to Python
Introduction to SQL
Understanding Artificial Intelligence
Understanding ChatGPT

My Work Experience

Where I've interned and worked during my career.

Bank of Commerce | Jul 2022 - Present

Data Protection and IT Compliance Head

1. Monitor the PIC’s or PIP’s compliance with the DPA, its IRR, issuances by the NPC and other applicable laws and policies. 2. Ensure the conduct of Privacy Impact Assessments relative to activities, measures, projects, programs, or systems of the PIC or PIP; 3. Advise the PIC or PIP regarding complaints and/or the exercise by data subjects of their rights (e.g., requests for information, clarifications, rectification or deletion of personal data); 4. Ensure proper data breach and security incident management by the PIC or PIP, including the latter’s preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed period; 5. Inform and cultivate awareness on privacy and data protection within your organization, including all relevant laws, rules and regulations and issuances of the NPC; 6. Advocate for the development, review and/or revision of policies, guidelines, projects and/or programs of the PIC or PIP relating to privacy and data protection, by adopting a privacy by design approach; 7. Serve as the contact person of the PIC or PIP vis-à-vis data subjects, the NPC and other authorities in all matters concerning data privacy or security issues or concerns and the PIC or PIP; 8. Cooperate, coordinate and seek advice of the NPC regarding matters concerning data privacy and security; 9. Supervises the conduct of Independent Compliance Testing of DSG units, projects and activities; 10. Discuss and cascade the approved IT Compliance plan to his/her team members. Ensure IT Compliance engagements are in accordance with approved annual plan. 11. Manage the IT Compliance testing activities to ensure scope is satisfactorily accomplished, timely release of report, accurate assessment of the issues, and effective monitoring of action plans. 12. Consolidate the IT Compliance highlights and presents to the Corporate Governance Committee members.
Show More

City Savings Bank | Jul 2021 - Jun 2022

IS Assurance Division Head

1. Review the audit plan of the unit prior to submission to Chief Auditor. 2. Discuss and cascade the approved internal audit strategic plan and audit plan of the unit to his/her team members. Ensure audit engagements are in accordance with approved annual plan. 3. Manage the internal audit activities to ensure scope is satisfactorily accomplished, timely release of audit report, accurate assessment of the audit issues, and effective monitoring of action plans. 4. Consolidate the audit highlights and presents to the Audit Committee members. 5. Plan and monitor career of Team Leaders and IS auditors and periodically evaluates their performance. 6. Update IS audit programs with new audit procedures. 7. Initiate or support team innovations to keep improving the value-adding audit services.

CIMB Bank Philippines Inc. | Sep 2019 - Jun 2021

Information Security Manager

1. Provides sound information security direction, guidance, advice, and consultation to business units. 2. Develop policies, procedures, or guidelines to ensure the security and privacy of information and computer systems. 3. Lead third-party assessments to adhere to the company’s controls over Outsourced Service Provider, including IT due diligence, data privacy, and cyber resiliency. 4. Act and assist the Bank’s Data Privacy Officer by: 4.a. Conducting Privacy Impact Assessment on key information systems and assets of the company 4.b. Facilitating Data Privacy Awareness training and program for new and existing employees 4.c. Ensuring the data breach and security incident management process are adhered to by respective units, and issues are reported to NPC and properly documented. 4.d. Reviewing or evaluating the level of compliance of the incoming third-party service providers to security and data privacy control requirements 4.e. Participating in the review of policies, procedures, and system implementation to ascertain data privacy controls are incorporated into the design. 5. Participates in IT projects to implement baseline security requirements for a network, Operating systems, databases, and other IT appliances to support banking systems. 6. Perform periodic compliance review over Information Security to evaluate the adequacy and effectiveness of the overall information security control posture and data privacy. 7. Research on the latest threats and vulnerabilities and, where appropriate, advise the Technology team on the mitigation and remediation. 8. Review, assess, and perform penetration tests and vulnerability assessments on information systems and infrastructure. 9. Participate in the investigation of any security violations by providing post-mortem analysis to illuminate the issues and possible solutions. 10. Facilitates Information Security Awareness to new and existing employees and consultants regularly.

SM Investment Corporation | Apr 2019 - Aug 2019

IT Audit Manager

1. Independently carry out audit engagements in accordance with the annual audit plan. 2. Lead and manage the review in IT General and Application controls, business continuity, IT operations, and Information Security 3. Prepare audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions. 4. Working knowledge on cyber defense leading practices such as: o Open Web Application Security Project (OWASP) o Centre for Internet Security’s Critical Security Controls (CSC) o Common Weakness Enumeration (CWE) o Information Security Management System (ISO/IEC 27001:2013) 5. Collaborate with different department representatives and process owners on various initiatives. 6. Perform ad-hoc reviews as may be required by the management

EY A GTH – Manila, Inc. (EY Global Delivery Service) | Oct 2017 - Mar 2019

Technology Risk Manager (IT Audit Manager)

1. Manage engagement risk and project economics including planning and budgeting, define deliverable content, ensure buy-in of proposed solutions from top management levels at the client. 2. Manage the local engagement team to deliver quality deliverables within the agreed timeline 3. Lead and manage the delivery of third-party risk management engagements, such engagements involve performing a security assessment of a client’s third-party service providers. 4. Demonstrate a thorough understanding of complex information systems and apply to client’s IT environment. 5. Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. 6. Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. 7. Use extensive experience in: o IT General Controls across platforms for the following areas:  User Access Management  Change Management  Backup and Recovery Management  Batch Job Management  Problem/Incident Management o IT Application Controls: Business Process cycles (Purchase to Payable; Revenue & Receivables; Inventory; Payroll; Treasury) 7. Experience with SOX, Internal Audit and SSAE 16 8. Working Knowledge on: o ERP systems like SAP, Oracle, JDEs etc. o System architecture, business processes and system risks o Operating system and database platforms (such as Windows, Unix, OS400, Mainframe, SQL, Oracle, DB2 etc.)

Goodyear Regional Business Service, Inc. | Apr 2016 - Sep 2017

IT Audit Lead

1. Assist the IT Audit Manager in meeting with stakeholders to understand business risks and potential scope areas for an audit 2. Lead the execution of the project level risk assessment to confirm scope, testing methodology, audit program and budget for IT Audit Manager's approval 3. Lead staff auditors in the execution of internal audit fieldwork 4. Review senior/staff auditor work and ensure audit work is properly supported in TeamMate 5. Provide timely feedback to internal audit staff to develop their skills and provide direction 6. Prepare and vet audit issues with internal audit stakeholders then lead the development of internal audit reports 7. Coordinate internal audit activities with the external auditor to increase efficiency and streamline audit impact on stakeholders 8. Participate in audit opening and closing meetings as well as provide audit stakeholders with ongoing updates during audit fieldwork 9. Work with the IT Audit Manager to prepare executive level summaries and report outs related to audit activity 10. Follow-up with auditees to understand the status of issue remediation and provide recommendations where necessary 11. Provide recommendations to audit management to enhance/improve the audit process and assist in implementing improvements when approved

Holcim East Asia Business Service Centre B.V. – Philippine ROHQ | Nov 2014 - Apr 2016

Quality and Process Compliance Specialist

1. Assists in planning, developing, implementing, and improving ITSM Tool (ServiceNOW). 2. Ensures strict compliance with various international standards, local regulations, and regional regulations affecting the business. 3. Perform compliance review on all levels of ITSC and OpCos in IT processes and controls. 4. Examine and evaluate the adequacy and effectiveness of the organization‘s internal control system. 5. Develop and administer the SAP authorization throughout the company to ensure that Segregation of Duties is strictly enforced and only appropriate authorizations are provided as required by the employee’s job responsibilities. 6. Trains users and management at all levels of ITSC and OpCos on practices, processes, and controls established for ISO20000/1-2 (ITSM) directives, etc. 7. Regularly reviews and evaluates ITSM processes and their execution for quality, compliance and business/ customer benefits; provides reports and actionable items, as well as recommendations for improvement working with relevant stakeholders.

Holcim Philippines, Inc. | Oct 2011 - Oct 2014

Internal Auditor

1. Assists the Head Internal Audit in developing risk based annual audit plan and ensuring its successful and timely implementation. 2. Examine and evaluate the adequacy and effectiveness of the organization’s system of internal control, risk management and the quality of performance in carrying out assigned responsibilities. 3. Perform specific IT audit engagement which includes but not limited to review on access controls, Business Continuity and Disaster Recovery plan (BCDRP), master data management, configuration management, network and IT security. 4. Participate on identifying application controls during and/or after the system development of company ERP systems, web-based application systems and business application. 5. Proactively participate in the regional assignment as part of the knowledge and exchange function within the company and other operating company as mandated by Group Internal Audit (GIA). 6. Provide consultancy service to the management to assist in the effective execution of their duties and responsibilities.

Zuellig Pharma | Aug 2008 - Oct 2011

Internal Auditor

1. Assists the Audit Manager in the implementation of audit workplan. 2. Determines the engagement procedures to be used, including sampling technique (statistical and attribute) and support information technology for each audit project. 3. Evaluates the system’s effectiveness through the application of knowledge of business systems, financial, distribution process and other operations. 4. Obtains, analyzes, and appraises information which will form as a basis in coming up with an audit conclusion (opinion). 5. Prepares audit report with recommendation and present it to management for corrective action. 6. Performs special review at the request of management such as business process improvements review and System/IT audit.

General Milling Corporation | Dec 2007 - Aug 2008

Internal Auditor

1. Assists the Audit Manager in setting up audit priorities at the beginning of every year and documents the same in the department’s Audit Program using Macro Risk Assessment Techniques. 2. Assists the Audit Manager in planning and preparing the audit work program. 3. Reviews the internal control and evaluate its adequacy and effectiveness in terms of: o Compliance with Policies, Plans, Procedures, Laws, and Regulations o Safeguarding of Assets o Economy and Efficiency of Operations o Accomplishment of Organizational Objectives and Goals for Operations and Programs. o Reliability and Integrity of Information 4. Prepares audit report and communicates the results to management.

AMA Group of Company | Aug 2005 - Sep 2007

Internal Auditor

1. Assists the Manager in the preparation of audit plans and working schedules, budgets as well as staff assignments. 2. Performs compliance audits and information systems audit of Head Office and / or branch operation in accordance with accepted professional standards. 3. Review and evaluate the adequacy of accounting and administrative controls of information systems of the company. 4. Performs examination of financial records with the objective of ascertaining fair presentation of balances, makes evaluation of control systems and recommend adoption of additional control. 5. Appraises the adequacy of departmental replies to audit reports and perform post-audit reviews to determine the extent to which the audit recommendations have been implemented. 6. Prepares initial draft of the report, discusses deficiencies and recommends corrective actions with the heads of branch and auditee department and incorporates all comments and rebuttals on the report draft for submission to the Chairman.

My Education

Take a look at my formal education

BS Accountancy in AccountingMeycauayan College | 2004

About Me

Israel Magbag

Data Analyst and Scientist passionate about leveraging expertise in data privacy, information security, and audit to drive insights and decision-making. Eager to apply analytical skills in dynamic settings for impactful results.

Powered by

  • Work
  • Certifications
  • Courses
  • Experience
  • Education
  • About Me
  • Create Your Data Portfolio for Free