IT Security Risk Assessment Officer

Metrobank Taguig, National Capital Region, Philippines Overview Here at Metrobank, we don’t simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. With Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation’s economic and social development. Position Position Title: Security Assurance and Assessment Officer Responsibilities Develop tactical plans and programs for the establishment and maintenance of the Bank’s third party information security risk management framework and ensure alignment with the enterprise risk framework Perform third party security, system security and information asset based risk assessment. Analyze and review of complex bank processes, application system and network security implementation and third party relationships to identify potential risk including the determination of risk mitigation strategies Analysis and review of complex application system and network security implementation on the current production environments to identify potential risk including the determination of risk mitigation strategies Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of information assets, processing facilities and connected services Role Exposure Prepare tactical plans and/or programs in the conduct of information, third party and system security risk assessments Identify the Bank’s critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable Analyze and assess the impact of changes in process, technical changes and systems enhancements and third party relationships Review adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities Coordinate across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment Articulate security findings and risk remediation strategies through issuance of risk assessment report and track status of risk mitigation activities Maintain and update the security risk register including status of remediation activities Execute and monitor the accomplishment of risk assessment plans and programs Prepare clear risk assessment reports for non-technical audiences Track and follow up on the status of mitigation activities Maintain and track library of records and documentation Investigate applicable reported incidents related to information handling and data privacy Keep abreast of information, IT and third party security trends and regulatory changes and apply them in daily work Review the work of colleagues and provide guidance as needed Collaborate with the Department Head to implement programs for continuous improvement of the bank’s information security plans and strategies Perform other information security risk management and compliance duties as directed Qualifications Bachelor's Degree Experience in IT general controls and auditing, preferably with a strong background in system security risk assessments Ability to perform information security risk-based prioritization decisions, analyze business risk, and articulate complex risk trade-offs Experience in project security technical reviews and risk assessment Analytical and risk identification skills to analyze varied information security risks and develop recommendations Knowledge of security best practices and awareness of common and emerging threats Professional Certifications may include CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent Other Details Rank: Junior Officer Unit: Financial and Control Sector / Information Security Division / Security Quality Assurance and Risk Assessment Department Location: Metrobank Center, BGC, Taguig City #J-18808-Ljbffr