Vulnerability Assessment

Vulnerability Assessment & Management Head (Senior Officer)

Makati, NCR, Philippines Information Security & Data Protection Office

About the Job

Corporate Title: Senior Manager to Assistant Vice President

Work Arrangement: Hybrid

Our Information Security & Data Protection Office team is looking for experienced professionals to join us in Makati City with the role of Vulnerability Assessment & Management Head.

In this role, you will lead and advise on Information Security initiatives, overseeing a team to develop and execute cutting-edge vulnerability and threat management services across key assets. You will manage a group of security professionals to conduct advanced testing and scanning methodologies, ensuring the security of systems, platforms, and applications within defined timelines.

At EastWest, we empower our employees to drive their careers and are committed to providing the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team in a workplace that promotes development and goal attainment.

Over 29 years, EastWest has emerged as one of the most consumer-focused universal banks in the Philippines. EastWest is committed to continuously invest in people and in process, product, and service enhancements, embracing new ideas to enhance the EastWest experience.

What the Role Will Entail

• Manage the provision of team direction and establish individual goals and objectives to ensure the effective performance of the red team. Coach and mentor staff to foster their professional development and ensure their performance goals are met.
• Manage the execution of vulnerability assessment and penetration testing (VAPT) activities against a wide range of platforms, infrastructure, and applications. Oversee the identification and documentation of potential vulnerabilities to enhance the organization's cybersecurity posture.
• Ensure the inclusion of appropriate security controls in the design and development of new projects and/or key changes and conduct vetting processes to ensure adequate mitigation of vulnerabilities.
• Manage the development and implementation of innovative testing methodologies, tactics, techniques, and procedures to ensure the red team remains ahead of evolving attacker techniques.
• Manage the preparation and delivery of comprehensive and well-documented reports highlighting identified vulnerabilities, including detailed mitigation strategies and recommendations for improvement.
• Develop, implement, and execute industry-leading vulnerability & threat management services, vulnerability remediation, and patch management oversight across the enterprise.
• Manage risk-based vulnerability prioritization, reporting, and developing remediation steps.
• Manage workshop processes and runbooks for vulnerability identification, analysis, remediation, and reporting.
• Manage planning and execution of corporate vulnerability assessments and penetration testing engagements.
• Analyze threat and vulnerability feeds and analyze data for applicability in the environment.
• Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness.
• Manage executive-level reporting and maintenance of a threat database.
• Provide regular reports on the state of system security, threats, vulnerabilities, and patch management to all stakeholders.

What We're Looking For

• Bachelor's Degree in ICT, Computer Science, or a related course.
• Multiple Professional Security certifications (i.e., CISSP, CISM, etc.) required.
• Proven track record in PCI-DSS, ISO27001, NIST Cybersecurity Framework, and Data Privacy program implementation experience.
• At least 5 years of work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or a related role, ideally gained from the banking industry or similar environment.
• Proficiency with VAPT tools such as Kali Linux, Tenable, Rapid 7, Metasploit, Burp Suite, Qualys, Nmap, etc.
• Experience in managing small to mid-size teams and demonstrable people leadership skills.
• Knowledge of vulnerability scanning, source code analysis, advanced network protocol manipulation, and custom penetration testing tool creation.
• Strong understanding of Networking (TCP/IP, SSH, SFTP, VPN, Firewalls, Routers, etc.) and Server and workstation operating systems (Windows, Linux, etc.).
• Excellent verbal and technical writing communication skills.

What You Can Expect from Joining Our Team

• Career development and training opportunities.
• Competitive salary package and benefits.
• Performance-based incentives and recognition programs to reward high-performing individuals.
• Opportunity to work with industry experts and be mentored by them.
• Defined career progression paths to guide you in your professional growth.

#J-18808-Ljbffr

---