Governance, Risk, and Compliance Specialist

Department: Information TechnologyEmployee Type: Probationary Cebu Pacific is always up for new challenges, enabling our teams to stay at the forefront of agile and technological innovations. Pursuing a career under Information Technology at Cebu Pacific will enable you to play a pivotal role in shaping and securing the airline’s digital landscape from business analytics, system architecture, technology engineering, project management, cybersecurity, and cloud solutions. At Cebu Pacific, we build more than just technology—we create solutions that fuel the future of travel. We are seeking a highly motivated and experienced IT Audit Engagement Specialist to join our dynamic team. This role is responsible for supporting the end-to-end IT audit engagements from internal and external auditors to assess technology-related risks, evaluate the effectiveness of IT controls, and ensure compliance with regulatory requirements and internal policies. The ideal candidate will serve as a key subject‑matter expert, interfacing between the audit team and IT/business stakeholders to deliver high‑quality, value‑added audit results. This position requires a strong blend of technical expertise, project management discipline, and exceptional communication skills. Responsibilities Support and manage the full lifecycle of IT audit engagements (internal and external audits), from planning through fieldwork, reporting, and issue remediation tracking. Manage IT stakeholders to ensure understanding and timely delivery of audit requirements. Develop and maintain all audit documentation, including audit requests trackers, audit schedules, remediation status, among others. Risk Assessment and Analysis Conduct continuous IT risk assessments to identify and evaluate emerging cybersecurity, data privacy, and technology risks. Support the team in assessing the design and operating effectiveness of IT General Controls (ITGCs) across areas such as change management, logical access, IT operations, and system development. Evaluate controls over key business applications, databases, and network infrastructure to ensure data integrity, confidentiality, and availability. Compliance & Governance Ability to communicate IT controls with process owners to ensure compliance with relevant frameworks and regulations (e.g., PCI‑DSS, CIS, DPA, ISO 27001, NIST). Partner with the IT Cybersecurity team to provide support in implementing the organization’s cybersecurity program; guidance on control design and best practices to proactively address compliance gaps. Stay current on evolving regulatory landscapes and cybersecurity threats to adapt the IT audits accordingly. Reporting & Stakeholder Communication Serve as the primary point of contact for IT and business stakeholders throughout the audit engagement. Prepare clear, concise, and impactful reports. Present audit results and cybersecurity awareness results to relevant stakeholders. Effectively communicate technical issues to non‑technical audiences. Collaborate with process owners to develop and monitor management's action plans to ensure timely remediation of identified issues. Qualifications Education: Bachelor’s degree in information technology, or a related field. Experience: 2+ years of progressive experience in IT audit management, risk management, or cybersecurity. Skills: Intermediate knowledge in auditing IT General Controls (ITGCs). Understanding of cybersecurity principles, including vulnerability management, identity and access management, and incident response and other security controls. Good written and verbal communication skills. Ability risks to diverse audiences. Ability to organize and perform project management skills. Proven ability to manage multiple audit engagements, prioritize tasks, and meet deadlines. Excellent analytical, problem‑solving, and critical thinking abilities with a high attention to detail. Good interpersonal skills with a natural ability to build rapport, influence, and collaborate effectively across all levels of the organization. Ability to lead engagement teams, delegate tasks to other IT teams. Unquestionable professional integrity, objectivity, and the ability to handle confidential information with discretion. A proactive, self‑motivated mindset with the flexibility to adapt to fast‑paced work environment, multi‑tasking, changing priorities and new technologies. Additional Skills (Preferred): IT Professional certification is an advantage. Knowledge and proven experience on implementing and handling audits related to IT control frameworks, including COBIT, NIST Cybersecurity Framework, and ISO 27001. Experience Range (Years): 2 - 4 years Job posted on: Why Join Us We are the first Great Place to Work® certified airline in Southeast Asia. We have been recognized as Best Employer Brand on LinkedIn for two consecutive years. Be part of a forward‑thinking team that values innovation and continuous improvement. Play a key role in developing and nurturing the talents that drive our success. Accelerate your career with access to extensive learning programs and leadership development initiatives, all under CEB University. Enjoy unique employee perks such as free travel for you and your family. Expanded coverage to common law partners and same‑sex partners Be assured of a comprehensive healthcare coverage upon hire. Your moment matters. Be a Moment Maker #J-18808-Ljbffr