Functional Safety Engineer

Functional Safety Engineer – Bank of Commerce (Philippines)

Location: Las Piñas / Mandaluyong, National Capital Region

Salary: ₱1,500,000 - ₱2,500,000

Posted: 1 day ago

Job Viewed

Tap Again To Close

Job Description

JOB SUMMARY

• Oversee employees, consultants, subsidiaries and vendor's compliance with ISPP regarding the security of the Bank's information assets
• Monitor the adequacy and effectiveness of the systems of internal control to ensure that the systems minimize operations risk and identify exposures while the consequences are still avoidable
• Provide effective assessment of risks to ensure the soundness of information technology
• Provide consulting activity to improve the risk management process of the organization

JOB DESCRIPTION

• Maintain a good working relationship with unit management and meet with Group Heads or senior Bank management to explain information pertaining to adequacy, effectiveness and efficiency of internal control systems to mitigate the risks identified
• Develop and maintain key relationships with professional associations and/or individuals to exchange information on unusual or emerging technical issues and risk engines
• Facilitate periodic risk assessment following the ACES and ISRA methodologies of the bank information assets
• Conduct or review complex or specialized risk assessment of functions, identify and evaluate risk concerns, recommend mitigating controls and report summary information deficiencies of business and operating units
• Recommend strategies and programs in relation to the Bank's Information Security
• Provide consulting activities to business and operating units on IT risks and information security issues covering Bank's processes, operating policies and procedures
• Ensure adequacy and relevance of Information Security Policies and Procedures
• Oversee user adherence to security policy and report breaches to the appropriate authority
• Develop or enhance the risk assessment program on information security and privacy matters
• Develop and provide continuing education and advisory on information security and privacy matters for Bank personnel
• Participate in Business Continuity Planning
• Assist in facilitating vulnerability assessment and penetration testing exercises conducted by third party consultants and monitor resolution
• Ensure timely resolution of internal and regulatory findings
• Keep abreast of latest information security and privacy regulations and vulnerabilities and new and emerging security technology
• Prepare, assist and gather information for management or BROC reporting

JOB QUALIFICATION

• At least 5-7 years of professional experience in Information Security, IT Risk Management, or related fields
• Minimum 2 - 3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Proficiency in risk management methodologies such as ISRA, RCSA, and SASRA, including risk registers and heatmaps

This advertiser has chosen not to accept applicants from your region.

Security Risk Assessment Analyst

Posted 1 day ago

Job Viewed

Tap Again To Close

Job Description

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills
• Exhibits critical thinking
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar
• Other relevant technical certification would also be an advantage

This advertiser has chosen not to accept applicants from your region.

IT Security Risk Assessment Officer

Posted 1 day ago

Job Viewed

Tap Again To Close

Job Description

Be #InGoodHands with Metrobank

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach

Position Title:
Security Assurance and Assessment Officer

Job Summary:

• Develop tactical plans and programs for the establishment and maintenance of the Bank's third party information security risk management framework and ensure alignment with the enterprise risk framework
• Performs third party security, system security and information asset based risk assessment. Analyze and review of complex bank processes, application system and network security implementation and third party relationships to identify potential risk including the determination of risk mitigation strategies
• Analysis and review of complex application system and network security implementation on the current production environments to identify potential risk including the determination of risk mitigation strategies
• Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of the information assets, processing facilities and connected services

Role Exposure:

• Prepares tactical plans and/or programs in the conduct of information, third party and system security risk assessments
• Identify the Bank's critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information
• Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data
• Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable
• Analyze and assess the impact of changes in process, technical changes and systems enhancements and third party relationships
• Reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk
• Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities
• Responsible for coordinating across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment
• Articulate security findings and risk remediation strategies through issuance of risk assessment report. Track and follow-up status of risk mitigation activities
• Ensures security risk register is maintained and kept updated including status of remediation activities
• Executes and monitors accomplishment of the risk assessment plans and programs
• Articulate security findings and risk remediation strategies through issuance of risk assessment report; writing comprehensive, concise and understandable to non-technical
• Tracking and follow up on status of mitigation activities
• Maintain and track library of records and documentation
• Investigation of applicable reported incidents related to information handling and data privacy
• Keep abreast of and apply information, IT and third party security trends and regulatory and compliance changes affecting the security of landscape, security best practices, threat landscape (emerging and existing) and apply them in daily work
• Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them
• Proactively works with the Department Head in implementing programs for the continuous improvement of the bank's information security plans and strategies
• Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head

Qualifications:

• Bachelor's Degree
• Experienced in IT general controls and auditing, preferably strong background on system security risk assessments
• Can perform information security risk-based prioritization decisions, analyze business risk, and can articulate complex business/risk trade-off recommendations and decisions
• Experienced on project security technical review and risk assessment
• Analytical and risk identification skills to analyze a variety of information security –related risk situations and develop recommendations on the best course of action
• Should also be abreast with security best practices and knowledge of common and emerging security threats
• Professional Certification may include CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent is an advantage

Other Details:

Rank:
Junior Officer

Unit:
Financial and Control Sector / Information Security Division / Security Quality Assurance and Risk Assessment Department

Location:
Metrobank Center, BGC, Taguig City

This advertiser has chosen not to accept applicants from your region.

Be The First To Know

About the latest Functional safety engineer Jobsin Las Piñas

Set Email Alert:

Job title

Location

2

What Locations Can I Find These Jobs In?

• Receive personalized job recommendations.

#J-18808-Ljbffr

---