IT Security Risk Assessment Officer

3 weeks ago


Taguig, National Capital Region, Philippines Hunter's Hub, Inc. Full time
Must have:

Bachelor's degree in Computer Science, Information Technology, or a related field.
Must have minimum 3 years of experience in Information Security or related fields.
Must be knowledgeable about various compliance and regulatory requirements (e.g., BSP, DPA, PCI-DSS).
Must have experience in various information and IT security domains and controls related to third-party risks, data security and risk management, and data transmission integrity. This includes understanding the processes related to the service, product or solution that vendors provide to the Bank and their links to bank processes.
Must have experience in information security governance, controls assurance, risk assessments and key risk indicators development.
Must have experience in IT general controls and auditing.
Must have the ability to do research on items assigned to them.
Must have a strong background in network and application system security risk assessments.
Must have experience in planning, executing, and documenting assessment activities following established processes and procedures with minimal guidance.
Must have experience in leading and working well with the team and with internal and external clients. Must have good teamwork and collaboration skills: a good team player with the ability to lead security initiatives.
Analytical and risk identification skills to analyze a variety of information security-related risk situations and develop recommendations on the best course of action.
Must have project management skills to lead and manage the accomplishment of assigned tasks and risk assessment activities.
Must possess excellent time management skills and thrive in a fast-paced, demanding environment.
Be a self-managed self-starter with good organizational skills, including good follow-up skills.
Be able to work under pressure on multiple assessments/projects simultaneously.
Strong attention to detail, analytical, and problem-solving skills. Strong learning agility with the ability to learn new processes.
Must have good written and verbal communication skills to effectively articulate and explain complex security topics in simple language and easy-to-understand concepts.
Must be knowledgeable in using MS Office tools such as PowerPoint, Word, Excel and Project.

Job Description:

Develop tactical plans and programs for the establishment and maintenance of the Bank's third-party information security risk management framework and ensure alignment with the enterprise risk framework. Perform third-party security, system security and information asset-based risk assessments. Analyze and review complex bank processes, application system and network security implementations, and third-party relationships to identify potential risks and determine risk mitigation strategies. Analyze and review complex application system and network security implementations in the current production environments to identify potential risks and determine risk mitigation strategies. Recommend strategies to control risks from inadequate protection of the confidentiality, integrity and availability of information assets, processing facilities and connected services.

Specific Duties & Responsibilities:
Prepares tactical plans and/or programs for the conduct of information, third-party and system security risk assessments.
Identifies the Bank's critical assets, threats to these assets, and vulnerabilities, and reviews the adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information.
Coordinates and assesses the security performance of third-party vendors that collect, process, transmit, and store client data.
Performs threat modelling-based system security risk assessments for all IT systems and other IT assets, as applicable.
Analyzes and assesses the impact of process changes, technical changes, system enhancements and third-party relationships.
Reviews the adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk.
Formulates and recommends information security policies and procedures on physical, environmental and personnel security based on the results of information security assessment activities.
Coordinates across all business units and stakeholders to gather information in preparation for the conduct of information, third-party and system security risk assessments.
Articulates security findings and risk remediation strategies through issuance of a risk assessment report. Tracks and follows up on the status of risk mitigation activities.
Ensures the security risk register is maintained and kept updated, including the status of remediation activities.
Executes and monitors accomplishment of the risk assessment plans and programs.
Articulates security findings and risk remediation strategies through issuance of a risk assessment report that is comprehensive, concise and understandable to non-technical readers. Tracks and follows up on the status of mitigation activities.
Maintains and tracks the library of records and documentation.
Investigates applicable reported incidents related to information handling and data privacy.
Keeps abreast of information, IT and third-party security trends, regulatory and compliance changes affecting the security landscape, security best practices, and the threat landscape (emerging and existing), and applies them in daily work.
Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them.
Proactively works with the Department Head in implementing programs for the continuous improvement of the bank's information security plans and strategies.
Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head.
