Senior Vulnerability Management Consultant

Senior Vulnerability Management Consultant

Mandaluyong, National Capital Region ₱ - ₱ Y Bank of Commerce (Philippines)
Posted 1 day ago

Job Description

JOB SUMMARY

• Oversee employees, consultant, subsidiaries and vendor's compliance with ISPP regarding the security of the Bank's information assets;

Monitor the adequacy and effectiveness of the systems of internal control to ensure that the systems minimize operations risk and identify exposures while the consequences are still avoidable;

• Provide effective assessment of risks to ensure the soundness of information technology; and
• Provide consulting activity to improve the risk management process of the organization.

JOB DESCRIPTION

• Maintain a good working relationship with unit management and meets with Group Heads or senior Bank management to explain information pertaining to adequacy, effectiveness and efficiency of internal control systems to mitigate the risks identified.
• Develop and maintain key relationship with professional associations and /or individuals to exchange information on unusual or emerging technical issues and risk engines.
• Facilitate periodic risk assessment following the ACES and ISRA methodologies of the bank information assets.
• Conduct or review complex or specialized risk assessment of functions, identifies and evaluate risk concerns, recommend mitigating controls and report summary information deficiencies of business and operating units
• Recommends strategies and programs in relation to the Bank's Information Security
• Provide consulting activities to business and operating units on IT risks and information security issues covering Bank's processes, operating policies and procedures.
• Ensure adequacy and relevance of Information Security Policies and Procedures.
• Oversee user's adherence to security policy and report breaches to the appropriate authority
• Develop or enhance the risk assessment program on information security and privacy matter
• Develop and provide continuing education and advisory on information security and privacy matters for Bank personnel
• Participate in the Business Continuity Planning
• Assist in facilitating the vulnerability assessment and penetration testing exercises conducted by third party consultants and monitor resolution.
• Ensure timely resolution of internal and regulatory findings.
• Keep abreast of latest information security and privacy regulations and vulnerabilities and new and emerging security technology
• Prepare, assist and gather information for management or BROC reporting

JOB QUALIFICATION

• At least 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
• Minimum 2 - 3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities.
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Proficiency in risk management methodologies such as ISRA, RCSA, and SASRA, including risk registers and heatmaps.

Security Risk Assessment Analyst

Posted today

Job Description

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

IT Security Risk Assessment Officer

Posted 1 day ago

Job Description

Be #InGoodHands with Metrobank

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach

Position Title:
Security Assurance and Assessment Officer

Job Summary:

• Develop tactical plans and programs for the establishment and maintenance of the Bank's third party information security risk management framework and ensure alignment with the enterprise risk framework
• Performs third party security, system security and information asset based risk assessment. Analyze and review of complex bank processes, application system and network security implementation and third party relationships to identify potential risk including the determination of risk mitigation strategies
• Analysis and review of complex application system and network security implementation on the current production environments to identify potential risk including the determination of risk mitigation strategies
• Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of the information assets, processing facilities and connected services

Role Exposure:

• Prepares tactical plans and/or programs in the conduct of information, third party and system security risk assessments
• Identify the Bank's critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information
• Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data
• Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable
• Analyze and assess the impact of changes in process, technical changes and systems enhancements and third party relationships.
• Reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk
• Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities
• Responsible for coordinating across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment
• Articulate security findings and risk remediation strategies through issuance of risk assessment report. Track and follow-up status of risk mitigation activities
• Ensures security risk register is maintained and kept updated including status of remediation activities
• Executes and monitors accomplishment of the risk assessment plans and programs
• Articulate security findings and risk remediation strategies through issuance of risk assessment report; writing comprehensive, concise and understandable to non-technical
• Tracking and follow up on status of mitigation activities
• Maintain and track library of records and documentation
• Investigation of applicable reported incidents related to information handling and data privacy
• Keep abreast of and apply information, IT and third party security trends and regulatory and compliance changes affecting the security of landscape, security best practices, threat landscape (emerging and existing) and apply them in daily work
• Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them
• Proactively works with the Department Head in implementing programs for the continuous improvement of the bank's information security plans and strategies
• Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head

Qualifications:

• Bachelor's Degree
• Experienced in IT general controls and auditing, preferably strong background on system security risk assessments
• Can perform information security risk-based prioritization decisions, analyze business risk, and can articulate complex business/risk trade-off recommendations and decisions
• Experienced on project security technical review and risk assessment
• Analytical and risk identification skills to analyze a variety of information security –related risk situations and develop recommendations on the best course of action
• Should also be abreast with security best practices and knowledge of common and emerging security threats
• Professional Certification may include CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent is an advantage

Other Details:

Rank:
Junior Officer

Unit:
Financial and Control Sector / Information Security Division / Security Quality Assurance and Risk Assessment Department

Location:
Metrobank Center, BGC, Taguig City

Security Consultant

Posted 1 day ago

Job Description

Introduction
In this role, you will work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we provide deep technical and industry expertise to a wide range of public- and private-sector clients worldwide. Our Delivery Centers bring locally based skills and technical expertise to our clients, helping them drive innovation and accelerate the adoption of new technologies.

Your Role And Responsibilities
A
Security Consultant
is a cybersecurity professional responsible for safeguarding an organization's computer systems, endpoints, and sensitive data against cyber threats. They play a critical role in maintaining the confidentiality, integrity, and availability of organizational information by implementing and managing robust endpoint security and data protection solutions. This role ensures that security incidents are detected, prevented, and swiftly responded to, thereby maintaining the organization's cybersecurity posture and ensuring compliance with internal and regulatory data protection requirements.

Endpoint Security & DLP Management

• Design, implement, and manage endpoint security and Data Loss Prevention (DLP) solutions (e.g., Forcepoint, Symantec DLP, Microsoft Purview).
• Configure DLP policies to monitor and prevent unauthorized data access, transfer, or exfiltration across all endpoints.
• Continuously monitor and fine-tune DLP alerts and endpoint agents to ensure effective policy enforcement and coverage.
• Collaborate with infrastructure, application, and business teams to align endpoint and DLP policies with operational and compliance requirements.
• Ensure endpoint protection tools (AV, EDR, DLP) are properly deployed, updated, and aligned with security standards and best practices.

Incident Response & Security Assessments

• Respond to DLP-related incidents and support investigations, containment, and remediation activities.
• Conduct regular endpoint and DLP control assessments, identifying gaps and recommending mitigations.
• Monitor data usage and movement to detect anomalies, enforce data classification policies, and prevent violations.
• Support compliance teams in audit preparations and evidence gathering related to endpoint and data protection.
• Document incidents and provide technical input for root cause analysis and lessons learned.

Security Excellence & Best Practices

• Stay informed on emerging endpoint and data protection threats, tools, and tactics to strengthen defense strategies.
• Evaluate new security solutions and recommend enhancements to existing DLP and endpoint protection platforms.
• Develop and maintain security documentation, including SOPs, configuration baselines, and knowledge articles.
• Conduct user awareness sessions on endpoint hygiene, data security policies, and DLP best practices.

Preferred Education

Bachelor's Degree

Required Technical And Professional Expertise

• Experience with endpoint and DLP tools such as CrowdStrike, Trend Micro, Forcepoint DLP, Symantec DLP, or Microsoft Purview.
• Strong understanding of Windows, macOS, and Linux operating systems, including endpoint configurations.
• Working knowledge of data protection controls, threat detection, and incident response processes.
• Familiarity with security event triage and root cause analysis related to data protection incidents

Preferred Technical And Professional Experience

• Hands-on experience in managing enterprise-grade DLP policies and alerts across multiple data channels (endpoints, email, cloud, etc.).
• Knowledge of regulatory requirements and compliance frameworks such as PDPA, GDPR, HIPAA, NIST, and ISO 27001.
• Experience working in regulated industries such as financial services, healthcare, or telecommunications.

Security Consultant- GRC

Posted today

Job Description

SECURITY CONSULTANT - GRC

Work for our global clients and immerse in our rich and diverse company culture where you can thrive, grow and just be aweSOme Apply now and discover the Satellite Office Candidate Experience – recognized as one of BEST among BPO companies worldwide.

WHAT IS A/AN SECURITY CONSULTANT - GRC?

The Security Consultant will work with the wider Consulting team, responsible for the development and delivery of Governance, Risk and Compliance services. This involves the end-to-end delivery for our customers and to a certain extent, business development.

A key part of the role will involve directly engaging customers to provide security consulting, aligned to deliverables. These include information security assessments, information security awareness, risk assessments and more.

The role will also involve working with the Sales teams and Pre-Sales teams across InfoTrust.

WHAT WILL BE YOUR MAIN RESPONSIBILITIES?

• Delivery of Consulting Services
• Information Security Assessments
• Information Security Awareness consulting
• Pre-sales - working with the sales function to present and respond to technical requirements
• Technical expertise on specific services/products for pre-sales for key/large enterprise as/when needed
• Delivery of consulting services to clients, as per scopes of work that are signed before commencement
• Delivery of ad-hoc advisory to clients within the realms of information security, governance, risk and compliance
• Evangelise security best practice, research and knowledge sharing amongst customers and prospective customers
• Services Delivery Management
• Adhere and contribute to SLA's, metrics, reporting, project scoping and management, customer escalation, engagement management, etc
• Management of internal security governance, risk and compliance - using the 'eating our own cooking' approach.

Outcomes and measures

· Develop Information security governance & risk management strategies, frameworks (ISO27001 & PCI-DSS), policies, standards and metrics to measure maturity of overall security operations in alignment with business priorities and its tactical/strategic objectives

· Perform reviews, assessments and system implementations based on industry/regulatory requirements such as ISO27001, NIST Cybersecurity Framework, SOC2/SSAE-18, Australian ISM, etc).

· Scope required activities and perform project estimates as required, ensuring that consulting activities defined in these scopes are delivered to the highest standards

· Engage in skills transfer - both internally and with customers

· Deliver assignments securely on time within budget and share results and recommendations to both technical and non-technical customers, in the form of either in-person presentations, written or verbal reports

· Develop and maintain strong relationships with customers through timely delivery of projects

· Conduct project management, where required

· Maintain InfoTrust's internal security standards and confidentiality of customer material as defined in out ISO 27001:2013 aligned ISMS

WHAT ARE WE LOOKING FOR?

• Minimum of 2-3 years' experience in IT, preferably in information and cybersecurity
• Minimum 1-2 years' experience in GRC focussed role
• Experience in conducting IT security and cyber/information security assessments
• Experience assisting with audits (internal & external) and auditors
• Proven track record building strong relationships with key business leaders and
• stakeholders
• Practical understanding of Information Security Standards & Frameworks, for e.g. NIST CSF, ISO 27001, GDPR, ASD, ISM
• Good to have – 1 or more professional Information Security certifications (ISO 27001, CISSP
• Associate, CompTIA Security+ or equivalent)

Personal Attributes & Interpersonal Skills

· Outstanding verbal and written communication

· Adaptability to change

· Ability to align Cyber/Information Security objectives with key business goals

· Prepared to act as a 'hands-on' leader, as required

• Decision making competency
• Strong business acumen
• Performance management
• An understanding of business engagement drivers

Personality Core Values

• Customer Driven
• Accountable
• Team Player
• Humble
• Trustworthy

Health and Safety Responsibilities

All employees are responsible for ensuring the health, safety and welfare of all employees and others in the workplace:

• Comply with OHS legislation
• Work in accordance with safe working practices
• Ensure that any hazard or injuries are reported to your manager
• Environmental awareness is followed in daily performance of duties

Cyber Security Consultant

Posted today

Job Description

About this Position
As a Cybersecurity Consultant at Henkel, you will play a critical role in strengthening our organization's information security posture across global operations. Your primary goal will be to conduct comprehensive security assessments, identifying risks and opportunities for improvement that directly protect our assets and enhance our resilience against emerging cyber threats. You will work closely with cross-functional teams, fostering collaboration and embedding security requirements into the fabric of our operations. Your insights will drive strategic decisions, as you prepare detailed reports outlining key findings and actionable recommendations. You'll be part of a dynamic and supportive environment where innovation is encouraged—your contributions will not only shape the future of our cybersecurity landscape but also help safeguard our mission to deliver high-quality products and services globally. Join us in this vital pursuit of excellence in cybersecurity and make a meaningful impact within our organization

What You´ll Do

• Conduct in-depth security assessments of IT systems, projects, and organizations to identify risks and improvement opportunities
• Provide expert consultation to business and IT stakeholders on applying information security and cybersecurity best practices across Henkel's global operations
• Collaborate with cross-functional teams to embed security requirements into business processes, IT environments, and digital initiatives
• Prepare detailed assessment reports and management briefings, outlining key findings and recommended mitigation actions
• Develop and implement information security and cybersecurity policies, procedures, and controls
• Monitor emerging cybersecurity threats, trends, and technologies, translating insights into actionable guidance for relevant teams

What makes you a good fit

• Bachelor's Degree in Information Technology, Computer Science, IT Business Applications or other relevant courses
• Minimum of seven (7) years of relevant work experience in IT Cybersecurity Risk Assessment, Cloud Security and Secure Architecture Design, including DevSecOps practices
• Relevant IT Cybersecurity certifications such as CISSP, CISM, CISA, or equivalent is a must Solid understanding of standards and regulatory requirements (e.g., ISO 27001, OWASP, GDPR)
• With continuous improvement mindset, strong problem-solving, project management, communication and presentation skills
• With the ability to proactively resolve issues, work effectively with cross-functional teams and high-level stakeholders
• Excellent command of both spoken and written English
• Amenable to work on a mid-shift schedule (1:00 PM to 10:00 PM) and report on a hybrid work set-up in Ayala Avenue, Makati

Some perks of joining Henkel

• A thriving career with the Top 15 Best Workplaces in the Philippines by Great Place to Work and the Top GBS Employer in the Philippines by the Everest Group for 4 consecutive years
• Flexible work scheme with flexible hours, hybrid work model, and work from anywhere policy for up to 30 days per year
• Diverse national and international growth opportunities
• Globally wellbeing standards with health and preventive care programs
• Gender-neutral parental leave for a minimum of 8 weeks
• Employee Share Plan with voluntary investment and Henkel matching shares
• Provident Fund
• Group Life and Personal Accident Insurance

At Henkel, we come from a broad range of backgrounds, perspectives, and life experiences. We believe the uniqueness of all our employees is the power in us. Become part of the team and bring your uniqueness to us We welcome all applications across different genders, origins, cultures, religions, sexual orientations, disabilities, and generations.

Cyber Security Consultant

Posted 1 day ago

Job Description

Job Title:
Cyber Analyst/Consultant based in Deloitte Consulting Philippines Delivery Centre

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society's biggest challenges and creating a better future. Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognized for their contributions.

Ready to unleash your potential with us? Join the winning team now

Work you will do

Deloitte's Engineering offers help to enable organization's end-to-end journey from on-premise legacy systems to the cloud, from design through deployment, and leading to the ultimate destination—a transformed organization primed for growth.

• Threat Monitoring and Analysis: Continuously monitor security alerts and incidents using Security Information and Event Management (SIEM) and Endpoint Managed Detection and Response (EMDR) tools.
• Investigation and Root Cause Analysis: Analyse patterns to detect advanced threats and to identify their root causes.
• Security Tool Management: Maintain and optimise the security tools and technologies under your management.
• Reporting and Documentation: Prepare detailed reports on security incidents, trends, and operational metrics, and clearly communicate findings and recommendations to stakeholders.
• Collaboration and Support: Work closely with the wider team to implement improved security measures across the organisation.

Enough about us, let's talk about you

• You hold a relevant Information Technology-related qualification or a certification in cybersecurity.
• You possess strong analytical and problem-solving skills, with the ability to analyse complex datasets, draw insights, proactively identify issues, and develop effective solutions.
• You have a strong foundation in general technology and cyber knowledge, including an understanding of network protocols, application architectures, databases, cyber-attack techniques, and the cyber kill chain.
• You are known for your attention to detail and reliability, and you can form strong working relationships with colleagues.
• You have good report-writing skills and excellent presentation skills.

To be successful in this role, you should have the following key experience and capabilities:

• Experience with well-known SIEM and EMDR platforms is required; specific experience with Microsoft Sentinel or CrowdStrike is preferred.
• Familiarity with scripting and data analytics languages would be an advantage.

What is in store for you?

• Embrace the dynamic nature of our work environment with the opportunity to work on a hybrid set-up and on a shifting schedule.
• Rewards platform – your hard work won't go unnoticed at Deloitte
• Training and development - at Deloitte we believe in investing in our best assets, the people You will have access to world class training and funding towards industry and other professional certifications.
• Receive support and mentoring to progress your career. You will have access to mentors and coaches who will help you pave a path for career progression.
• Benefits effective upon hiring including paid time off and holidays, health, and life insurance

Next Steps

Sound like the sort of role for you? Apply now.

Due to volume of applications, we regret only shortlisted candidates will be notified.

Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website.

2025 DCPDC Inc.

Be The First To Know

About the latest Senior vulnerability management consultant Jobsin Taguig

Set Email Alert:

Job title

Location

SAP Security Consultant

Posted today

Job Description

JOIN OUR TEAM
W
e're On a Mission to Bring Sunshine for All

Dole is one of the world's largest producers and marketers of high-quality fresh fruits, with a growing line of quality packaged and frozen foods. Dole's dedication to quality is a commitment solidly backed by: comprehensive programs for food safety, scientific crop protection programs, stringent quality control measures, state-of-the-art production and transportation technologies, continuous improvement through research and innovation, and dedication to the safety of their employees, communities and the environment.

Job Purpose

Executes SAP security operations by designing and maintaining user roles and authorizations. Supports access governance processes to safeguard system integrity, mitigate Segregation of Duties (SoD) risks, and ensure compliance with internal controls and audit requirements such as JSOX and ITGC.

Principal Duties and Responsibilities

• Designs SAP roles and authorizations to enable secure and compliant access.
• Processes user access requests to support operational efficiency.
• Resolves SAP security issues and escalates complex cases to ensure timely resolution.
• Implements authorization solutions based on new business requirements.
• Conducts periodic user access and sensitive access reviews to identify risks.
• Executes JSOX-related security activities to maintain audit readiness.
• Prepares documentation and responds to internal and external audit inquiries.
• Coordinates with Basis and application teams to maintain technical security.
• Identifies process gaps and initiates improvement actions.
• Develops authorization concepts for implementation projects.
• Maintains change documentation in ServiceNow and SharePoint.
• Generates SAP user license audit reports to monitor usage and ensure compliance.
• Monitors license assignments to optimize allocation and prevent overuse.

Education, Work Experience, and Special Skills

• Bachelor's degree in information technology, Engineering, or related field.
• Minimum 7 years in SAP Authorization & Security
• At least 5 years hands-on experience with SAP S/4HANA and Fiori.
• Experience in SAP security design, implementation, and user provisioning
• Experience in SAP implementation and Production Support
• Strong knowledge of SAP authorization objects and structural authorizations
• Familiarity with SAP modules: MM, SD, BW, FI, CO, PP, PM, AGRI,GR
• Exposure to compliance frameworks (SOX, JSOX, ITGC)
• Understanding of SoD and sensitive access concepts
• Experience with SAP BTP, SAC, and Cloud access security
• Experience with SAP User License Audit Workbench is a plus
• Strong analytical and problem-solving skills
• Detail-oriented

Other Requirements

• Willing to be based in Makati City
• Hybrid setup; must report onsite at least twice a week
• Willing to travel for offsite activities and business unit visits
• Open to occasional travel for offsite activities
• Support on-call during critical activities

Associate Security Consultant-Cloud Security Services

Posted today

#J-18808-Ljbffr

---