AB

Open to opportunities

Anthony Bugaoan

@anthonybugaoan

Information security GRC professional driving risk assessments and compliant controls.

What I'm looking for

I’m looking for GRC and Information Security roles where I can run security risk assessments, drive clear disposition reporting, and strengthen BSP/PCI/ISO-aligned governance—partnering with business teams so risk controls improve outcomes, not just checkboxes.

I’m a cybersecurity professional specializing in Governance, Risk & Compliance (GRC) within banking and financial services. At Metrobank, I led information security risk assessments across business processes, system enhancements, and third-party engagements.

I produce formal risk reports with disposition recommendations—approve, approve with conditions, or reject—grounded in BSP regulations, PCI DSS, and ISO frameworks. I also identify and escalate critical security design flaws, including exposed cardholder data, inadequate data retention policies, and insecure RPA credential handling, so fixes happen before production deployment.

I perform granular process mapping analysis to uncover step-level security risks across complex workflows, especially for RPA automations, operational process improvements, and system enhancements. I recommend penetration testing engagements for high-risk changes in coordination with the bank’s internal PT team, and I manage daily intake of ~12 infosec review requests by assessing complexity, prioritizing work, and communicating dispositions to business owners.

Before Metrobank, I supported audit readiness by developing ACL scripts to transform and validate client financial data for PwC’s Halo audit platform. I’m actively pursuing CGRC (ISC2) and I’m open to GRC and Information Security roles where security governance directly strengthens business outcomes.

Experience

Work history, roles, and key accomplishments

ME

Current

Security Assurance & Assessment

Current

Metrobank

Nov 2024 - Present (1 year 7 months)

Conduct 20+ information security risk assessments monthly across RPA implementations, process improvements, and third-party engagements, consistently exceeding targets in a lean 6-person team. Produced disposition recommendation reports with prescribed controls aligned to BSP regulations, PCI DSS, and ISO best practices, and helped drive redesigns for critical security design flaws before producti

GRC Third Party Risk Management Risk Assessment PCI DSS ISO 27001 RPA Security Review Process Mapping

PM

Assurance Associate

PwC Acceleration Center Manila

Apr 2023 - Oct 2024 (1 year 6 months)

Developed ACL scripts to transform and validate client financial data into PwC's Halo audit platform, supporting data integrity and audit readiness for financial services engagements. Collaborated with PwC Singapore teams on cross-border work to deliver timely, analysis-ready datasets and gained exposure to audit processes, internal control frameworks, and regulatory compliance.

data transformation Data Validation PwC Halo Financial Auditing Data Integrity Regulatory Compliance Internal Controls

Education

Degrees, certifications, and relevant coursework

UD

University of the Philippines Diliman

Bachelor of Science, Business Administration and Accountancy

2018 - 2023

Activities and societies: Vice President for Liaison (Aug 2021–Aug 2022) led partnership operations and oversaw 5 committees; UP Fair Elements Concert Chairperson (Feb 2021–Jun 2021) led a team of 10 to plan and execute the event.

Earned a BS in Business Administration and Accountancy at the University of the Philippines Diliman from 2018 to 2023. Participated in student leadership roles within the UP Junior Philippine Institute of Accountants.

Tech stack

Software and tools used professionally

Gmail

Google Workspace

Transform

Remote

Jan

Find your dream job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!