Risk And Security Assessment Consultant

15 hours ago


Metro Manila Philippines Buscojobs Full time

Job descriptions and qualifications provided below have been reformatted for clarity and corrected structure while preserving the original information.

Security Risk Assessment Consultant

Location: Mandaluyong, National Capital Region
Salary: ₱ - ₱
Employer: Bank of Commerce (Philippines)

Job Summary:

  • Oversee employees, consultants, subsidiaries and vendors' compliance with ISPP regarding the security of the Bank's information assets.
  • Monitor the adequacy and effectiveness of internal control systems to minimize operations risk and identify avoidable exposures.
  • Provide effective risk assessments to ensure the soundness of information technology and provide consulting to improve the risk management process of the organization.

Job Description:

  • Maintain good working relationships with unit management and meet with Group Heads or senior bank management to explain information pertaining to adequacy, effectiveness and efficiency of internal control systems to mitigate risks identified.
  • Develop and maintain relationships with professional associations/individuals to exchange information on emerging technical issues and risk engines.
  • Facilitate periodic risk assessments following ACES and ISRA methodologies of bank information assets.
  • Conduct or review complex risk assessments of functions, identify risk concerns, recommend mitigating controls, and report deficiencies.
  • Recommend strategies and programs related to the Bank's Information Security.
  • Provide consulting on IT risks and information security issues across bank processes, policies and procedures.
  • Ensure adequacy and relevance of Information Security Policies and Procedures; oversee adherence to security policy and report breaches.
  • Develop or enhance the risk assessment program on information security and privacy; provide continuing education and advisory for Bank personnel.
  • Participate in Business Continuity Planning and assist in vulnerability assessment and third-party penetration testing exercises; monitor resolution of findings.
  • Keep abreast of latest security regulations and vulnerabilities; prepare information for management reporting.

Job Qualifications:

  • 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
  • 2-3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities.
  • Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls).
  • Proficiency in risk management methodologies (ISRA, RCSA, SASRA) including risk registers and heatmaps.

Security Risk Assessment Analyst

Location: Mandaluyong, National Capital Region

Job Description:

  • Perform risk assessment for in-flight projects; identify risks and provide recommendations to ensure cybersecurity standards and best practices compliance.
  • Collaborate with project managers and team on security requirements and risk mitigation strategies.
  • Ensure timely delivery of security assessment reports; monitor SLOs and risk mitigation progress.
  • Facilitate risk acceptance reviews for requirements that cannot be implemented in time for production.
  • Stay informed on threats and vulnerabilities; provide mentorship to risk assessment analysts.
  • Support requirements for risk management tools (e.g., GRC, third-party risk management).

Technical Competencies:

  • Knowledge of operating systems and networking; cloud knowledge desirable.
  • Familiarity with NIST CSF, ISO-27001, CIS Controls.
  • Risk-based approach to security assessments; some project management experience; basic threat modeling (e.g., STRIDE).

Qualifications:

  • Bachelor’s degree in Computer Science/Engineering/IT or related; 4-5 years in Security Risk Management or related IT roles.
  • Excellent verbal/written communication; critical thinking; strong leadership.
  • Relevant certifications preferred (CISSP, CISM, CISA, CRISC, ISO-27000).

IT Security Risk Assessment Officer

Posted 1 day ago

Job Summary/Responsibilities:

  • Develop and maintain the Bank’s third-party information security risk management framework; ensure alignment with enterprise risk framework.
  • Perform third-party security, system security and information asset risk assessments; analyze bank processes and networks for risk and determine mitigating strategies.
  • Review complex security implementations in production for risk and compliance; recommend controls.
  • Coordinate across business units and stakeholders; prepare risk assessment reports; track remediation and maintain security risk registers.
  • Lead information security policy development and ensure adherence to ISO27001, PCI-DSS, NIST, and other applicable standards.

Qualifications:

  • Bachelor’s Degree; experience in IT general controls and IT security risk assessments.
  • Ability to prioritize risks, articulate business risk trade-offs, and communicate with executives.
  • Professional certifications such as CISA, CISM, CRISC, PCI-DSS, ISO-27001 are a plus.

Security Consultant

Posted 1 day ago

Job Description Summary:

Introduction: Work in IBM Consulting Delivery Centers delivering cyber security services to global clients. Roles include Security Consultant with focus on endpoint security, data loss prevention (DLP), incident response, risk assessments, and security governance.

Responsibilities:

  • Endpoint Security & DLP management: design, implement, and manage endpoint security and DLP; configure policies; ensure coverage.
  • Incident Response & Assessments: respond to incidents, conduct control assessments, monitor data usage, support audits.
  • Security Excellence: stay informed on threats; develop documentation; conduct user awareness.

Required Expertise:

  • Experience with endpoint and DLP tools (CrowdStrike, Trend Micro, Forcepoint DLP, Splunk/Microsoft Purview, etc.).
  • OS knowledge (Windows/macOS/Linux); data protection controls and incident response.
  • Familiar with PDPA, GDPR, HIPAA, NIST, ISO 27001; security certifications preferred.

Preferred:

  • Hands-on enterprise DLP policy management; experience with regulatory requirements; regulated industry experience.

Note: This role includes hybrid work and potential shifts.

Security Consultant - GRC

Posted 1 day ago

Job Description:

Overview: Security Consultant for Governance, Risk & Compliance (GRC) delivering ISO 27001, PCI-DSS, and related controls; engages with customers, delivering assessments and risk-based consulting.

Responsibilities/Outcomes:

  • Deliver consulting services; conduct information security assessments; awareness training.
  • Pre-sales support and engagement management; ensure SLA compliance and project governance.
  • Maintain security governance and risk programs; transfer skills to customers; ensure ISO 27001 alignment.

Required Experience:

  • 2-3 years IT/cybersecurity; 1-2 years in a GRC-focused role.
  • Experience in IT security assessments and audits; knowledge of standards (NIST CSF, ISO 27001, GDPR, ASD/ISM).
  • Professional certifications such as ISO 27001, CISSP, CISM, CISA, or equivalent are advantageous.

Personal Qualities:

  • Strong communication, adaptability, business alignment, and leadership potential.

Cyber Security Consultant (Deloitte/DCPDC/Other)

Posted 1 day ago

Job Description Summary:

Role involves security consulting across Deloitte projects including threat monitoring, incident response, and security governance with a hybrid/shifted work model; global client focus; emphasis on collaboration, training, and career development.

Key Responsibilities:

  • Threat Monitoring and Analysis using SIEM/EDR
  • Investigation and Root Cause Analysis
  • Security Tool Management; Reporting and Documentation
  • Collaboration and Support to strengthen security across the organization

Required/Preferred Experience:

  • 2-3+ years IT/cybersecurity; SIEM/EDR experience (Microsoft Sentinel or CrowdStrike preferred).
  • Knowledge of scripting/data analytics; regulatory familiarity (ISO 27001, NIST, GDPR, ASD/ISM).

Other Opportunities:

  • Hybrid schedule; training and certifications supported; mentoring and career progression.

SAP Security and GRC Roles

Location: Makati/Taguig/Jurisdictions in NCR

Selected roles:

  • SAP Security Consultant: SAP Authorization & Security; SAP S/4HANA and Fiori; SOX/JSOX compliance; access reviews; SAP BTP and HANA security; experience with ECC/GRC/BI/BOBJ.
  • SAP GRC Security Consultant: ECC/S/4HANA Security; MSMP workflows; BRF+; access controls and SOX/JSOX compliance; BW/HANA security; HR security; roles and authorizations management.

Requirements (common):

  • 7+ years SAP security experience for some roles; 10-12 years for specialized GRC consultant.
  • Deep knowledge of SAP authorization concepts, role design, and SOD analysis.
  • Experience with SAP BTP, SAC, HANA security; knowledge of SAP modules MM/SD/BW/FI/CO/PP/PM/AGR I, GR, etc.
  • SOX/JSOX/ITGC familiarity; ability to work on on-site/Hybrid setups; willingness to travel.

Education:

  • Bachelor’s degree in information technology, engineering, or related field.

Locations noted: Makati City, Taguig City, NCR.
