Risk And Security Assessment Consultant

Job descriptions and qualifications provided below have been reformatted for clarity and corrected structure while preserving the original information.

Security Risk Assessment Consultant

Location: Mandaluyong, National Capital Region
Salary: ₱ - ₱
Employer: Bank of Commerce (Philippines)

Job Summary:

• Oversee employees, consultants, subsidiaries and vendors' compliance with ISPP regarding the security of the Bank's information assets.
• Monitor the adequacy and effectiveness of internal control systems to minimize operations risk and identify avoidable exposures.
• Provide effective risk assessments to ensure the soundness of information technology and provide consulting to improve the risk management process of the organization.

Job Description:

• Maintain good working relationships with unit management and meet with Group Heads or senior bank management to explain information pertaining to adequacy, effectiveness and efficiency of internal control systems to mitigate risks identified.
• Develop and maintain relationships with professional associations/individuals to exchange information on emerging technical issues and risk engines.
• Facilitate periodic risk assessments following ACES and ISRA methodologies of bank information assets.
• Conduct or review complex risk assessments of functions, identify risk concerns, recommend mitigating controls, and report deficiencies.
• Recommend strategies and programs related to the Bank's Information Security.
• Provide consulting on IT risks and information security issues across bank processes, policies and procedures.
• Ensure adequacy and relevance of Information Security Policies and Procedures; oversee adherence to security policy and report breaches.
• Develop or enhance the risk assessment program on information security and privacy; provide continuing education and advisory for Bank personnel.
• Participate in Business Continuity Planning and assist in vulnerability assessment and third-party penetration testing exercises; monitor resolution of findings.
• Keep abreast of latest security regulations and vulnerabilities; prepare information for management reporting.

Job Qualifications:

• 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
• 2-3 years in supervisory or leadership role managing risk assessments, audits, or compliance activities.
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls).
• Proficiency in risk management methodologies (ISRA, RCSA, SASRA) including risk registers and heatmaps.

Security Risk Assessment Analyst

Location: Mandaluyong, National Capital Region

Job Description:

• Perform risk assessment for in-flight projects; identify risks and provide recommendations to ensure cybersecurity standards and best practices compliance.
• Collaborate with project managers and team on security requirements and risk mitigation strategies.
• Ensure timely delivery of security assessment reports; monitor SLOs and risk mitigation progress.
• Facilitate risk acceptance reviews for requirements that cannot be implemented in time for production.
• Stay informed on threats and vulnerabilities; provide mentorship to risk assessment analysts.
• Support requirements for risk management tools (e.g., GRC, third-party risk management).

Technical Competencies:

• Knowledge of operating systems and networking; cloud knowledge desirable.
• Familiarity with NIST CSF, ISO-27001, CIS Controls.
• Risk-based approach to security assessments; some project management experience; basic threat modeling (e.g., STRIDE).

Qualifications:

• Bachelor’s degree in Computer Science/Engineering/IT or related; 4-5 years in Security Risk Management or related IT roles.
• Excellent verbal/written communication; critical thinking; strong leadership.
• Relevant certifications preferred (CISSP, CISM, CISA, CRISC, ISO-27000).

IT Security Risk Assessment Officer

Posted 1 day ago

Job Summary/Responsibilities:

• Develop and maintain the Bank’s third-party information security risk management framework; ensure alignment with enterprise risk framework.
• Perform third-party security, system security and information asset risk assessments; analyze bank processes and networks for risk and determine mitigating strategies.
• Review complex security implementations in production for risk and compliance; recommend controls.
• Coordinate across business units and stakeholders; prepare risk assessment reports; track remediation and maintain security risk registers.
• Lead information security policy development and ensure adherence to ISO27001, PCI-DSS, NIST, and other applicable standards.

Qualifications:

• Bachelor’s Degree; experience in IT general controls and IT security risk assessments.
• Ability to prioritize risks, articulate business risk trade-offs, and communicate with executives.
• Professional certifications such as CISA, CISM, CRISC, PCI-DSS, ISO-27001 are a plus.

Security Consultant

Posted 1 day ago

Job Description Summary:

Introduction: Work in IBM Consulting Delivery Centers delivering cyber security services to global clients. Roles include Security Consultant with focus on endpoint security, data loss prevention (DLP), incident response, risk assessments, and security governance.

Responsibilities:

• Endpoint Security & DLP management: design, implement, and manage endpoint security and DLP; configure policies; ensure coverage.
• Incident Response & Assessments: respond to incidents, conduct control assessments, monitor data usage, support audits.
• Security Excellence: stay informed on threats; develop documentation; conduct user awareness.

Required Expertise:

• Experience with endpoint and DLP tools (CrowdStrike, Trend Micro, Forcepoint DLP, Splunk/Microsoft Purview, etc.).
• OS knowledge (Windows/macOS/Linux); data protection controls and incident response.
• Familiar with PDPA, GDPR, HIPAA, NIST, ISO 27001; security certifications preferred.

Preferred:

• Hands-on enterprise DLP policy management; experience with regulatory requirements; regulated industry experience.

Note: This role includes hybrid work and potential shifts.

Security Consultant - GRC

Posted 1 day ago

Job Description:

Overview: Security Consultant for Governance, Risk & Compliance (GRC) delivering ISO 27001, PCI-DSS, and related controls; engages with customers, delivering assessments and risk-based consulting.

Responsibilities/Outcomes:

• Deliver consulting services; conduct information security assessments; awareness training.
• Pre-sales support and engagement management; ensure SLA compliance and project governance.
• Maintain security governance and risk programs; transfer skills to customers; ensure ISO 27001 alignment.

Required Experience:

• 2-3 years IT/cybersecurity; 1-2 years in a GRC-focused role.
• Experience in IT security assessments and audits; knowledge of standards (NIST CSF, ISO 27001, GDPR, ASD/ISM).
• Professional certifications such as ISO 27001, CISSP, CISM, CISA, or equivalent are advantageous.

Personal Qualities:

• Strong communication, adaptability, business alignment, and leadership potential.

Cyber Security Consultant (Deloitte/DCPDC/Other)

Posted 1 day ago

Job Description Summary:

Role involves security consulting across Deloitte projects including threat monitoring, incident response, and security governance with a hybrid/shifted work model; global client focus; emphasis on collaboration, training, and career development.

Key Responsibilities:

• Threat Monitoring and Analysis using SIEM/EDR
• Investigation and Root Cause Analysis
• Security Tool Management; Reporting and Documentation
• Collaboration and Support to strengthen security across the organization

Required/Preferred Experience:

• 2-3+ years IT/cybersecurity; SIEM/EDR experience (Microsoft Sentinel or CrowdStrike preferred).
• Knowledge of scripting/data analytics; regulatory familiarity (ISO 27001, NIST, GDPR, ASD/ISM).

Other Opportunities:

• Hybrid schedule; training and certifications supported; mentoring and career progression.

SAP Security and GRC Roles

Location: Makati/Taguig/Jurisdictions in NCR

Selected roles:

• SAP Security Consultant: SAP Authorization & Security; SAP S/4HANA and Fiori; SOX/JSOX compliance; access reviews; SAP BTP and HANA security; experience with ECC/GRC/BI/BOBJ.
• SAP GRC Security Consultant: ECC/S/4HANA Security; MSMP workflows; BRF+; access controls and SOX/JSOX; BW/HANA security; HR security; roles and authorizations management; SOX/JSOX compliance.

Requirements (common):

• 7+ years SAP security experience for some roles; 10-12 years for specialized GRC consultant.
• Deep knowledge of SAP authorization concepts, role design, and SOD analysis.
• Experience with SAP BTP, SAC, HANA security; knowledge of SAP modules MM/SD/BW/FI/CO/PP/PM/AGR I, GR, etc.
• SOX/JSOX/ITGC familiarity; ability to work on on-site/Hybrid setups; willingness to travel.

Education:

• Bachelor’s degree in information technology, engineering, or related field.

Locations noted: Makati City, Taguig City, NCR.

#J-18808-Ljbffr

---