Mervin Manangan

Information Security Engineer

Experienced Information Security Engineer with a strong focus on risk assessment and vulnerability management. Proven track record in implementing robust security protocols and enhancing incident response strategies, resulting in a significant reduction in potential threats. Committed to delivering innovative security solutions that protect organizational assets and ensure compliance with industry standards. Recognized for exceptional analytical skills and the ability to lead cross-functional teams in high-pressure environments.

0+
Years experience
0
Language
0
Skills
Work Experience
Information Security Manager
Cencora Corporation
Mar 2020 — Jul 2026
  • Led initiatives to strengthen Cencora's cloud and on-premise security posture, delivering measurable improvements:
  • Raised cloud security posture score by 30% (from 50% to 80%) through targeted remediation, configuration hardening, and automation of compliance checks.
  • Secured sensitive data at rest and in transit by implementing enterprise encryption standards, TLS enforcement, and centralized key management.
  • Designed and rolled out golden configuration benchmarks for on-premise and cloud resources, expanding coverage from 75% to 100% and reducing configuration drift.
  • Collaborated with engineering, operations, and compliance teams to operationalize controls and improve continuous monitoring.
  • Led Enterprise Vulnerability & Posture Strategy: Directed risk-based vulnerability management across on-prem, cloud, endpoint, network, IoT, OT, and third-party environments, transitioning the enterprise from traditional tracking to threat-intelligence and business-criticality-driven prioritization.
  • Designed Unified Executive Dashboards: Spearheaded the development of consolidated vulnerability dashboards and reporting frameworks (KPIs, KRIs, MTTR, aging analysis), providing centralized visibility and driving data-backed security decisions across business units.
  • Strengthened Cloud Security & Governance: Led investigations and cross-functional incident response for critical cloud risks (public databases, internet-facing workloads), while integrating cloud security platforms with enterprise reporting to reduce threat exposure.
  • Created Risk-Based Prioritization Frameworks: Authored and championed risk-scoring methodologies that combine vulnerability severity, exploitability, exposure, and asset criticality to shift remediation from volume-based tasks to high-impact risk reduction.
  • Advanced Security Data Integration: Guided the integration and normalization of vulnerability, CMDB, cloud posture, and threat intelligence data into enterprise analytics platforms, migrating manual reporting into scalable, automated data solutions.
  • Optimized Cloud Reporting Accuracy: Resolved reporting inconsistencies across Microsoft security platforms to improve vulnerability data quality, establishing high-integrity dashboards that restored stakeholder trust in security metrics.
  • Matured CMDB & Asset Governance: Leveraged CMDB data to map vulnerability ownership, asset criticality, and exposure, significantly accelerating remediation accountability and enhancing overall configuration management strategy.
Skills
Cloud Security Posture ManagementVulnerability and Risk ManagementData ProtectionAutomation and OrchestrationDevSecOpsCloud Workload ProtectionIncident ManagementSaaS Security Posture ManagementMS Azure SecurityWindows AdministrationLinux Administration
Education
Bachelor of Science, Computer Engineering
Don Bosco Technical College
Certifications
Azure Security Engineer AZ-500
Microsoft Azure
2020-07
Languages
English
Fluent