IT Security Risk Assessment Officer

Metrobank Taguig, National Capital Region, Philippines

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach

Security Assurance and Assessment Officer

Develop tactical plans and programs for the establishment and maintenance of the Bank’s third party information security risk management framework and ensure alignment with the enterprise risk framework. Perfor ms third party security, system security and information asset based risk assessment. Analyze and review complex bank processes, application systems and network security implementations and third party relationships to identify potential risk including the determination of risk mitigation strategies. Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of information assets, processing facilities and connected services.

• Prepares tactical plans and/or programs in the conduct of information, third party and system security risk assessments
• Identify the Bank’s critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information
• Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data
• Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable
• Analyze and assess the impact of changes in process, technical changes and systems enhancements and third party relationships
• Reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk
• Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities
• Responsible for coordinating across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment
• Articulate security findings and risk remediation strategies through issuance of risk assessment report; track and follow-up status of risk mitigation activities
• Ensures security risk register is maintained and kept updated including status of remediation activities
• Executes and monitors accomplishment of the risk assessment plans and programs
• Articulate security findings and risk remediation strategies through issuance of risk assessment report; writing comprehensive, concise and understandable to non-technical audiences
• Tracking and follow up on status of mitigation activities
• Maintain and track library of records and documentation
• Investigation of applicable reported incidents related to information handling and data privacy
• Keep abreast of and apply information, IT and third party security trends and regulatory and compliance changes affecting the security landscape, security best practices, threat landscape (emerging and existing) and apply them in daily work
• Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them
• Proactively works with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies
• Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head

• Bachelor's Degree
• Experienced in IT general controls and auditing, preferably strong background on system security risk assessments
• Can perform information security risk-based prioritization decisions, analyze business risk, and can articulate complex business/risk trade-off recommendations and decisions
• Experienced on project security technical review and risk assessment
• Analytical and risk identification skills to analyze a variety of information security–related risk situations and develop recommendations on the best course of action
• Should also be abreast with security best practices and knowledge of common and emerging security threats
• Professional Certification may include CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent is an advantage

• Rank: Junior Officer
• Unit: Financial and Control Sector / Information Security Division / Security Quality Assurance and Risk Assessment Department
• Location: Metrobank Center, BGC, Taguig City

• Mid-Senior level

• Full-time

• Information Technology
• Industries: Banking

Referrals increase your chances of interviewing at Metrobank by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.