Cybersecurity Strategy, Risk, and Compliance Senior Consultant

2 days ago


Makati City, National Capital Region, Philippines SGV & Co. Full time ₱180,000 - ₱300,000 per year

SGV is the largest professional services firm in the Philippines. In everything we do, we nurture leaders and enable businesses for a better Philippines. This Purpose is our aspirational reason for being that ignites positive change and inclusive growth.

Our multidisciplinary teams work across a full spectrum of services in assurance, tax, strategy and transactions, and consulting. Enabled by data, AI and advanced technology, we help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

At SGV, we develop you with future-focused skills and equip you with world-class experiences. We empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams.

The opportunity

We're looking for a Senior Consultant for Cybersecurity Strategy, Risk, and Compliance with expertise in cybersecurity, governance, risk, and compliance.

As part of our Cybersecurity Consulting team, you will help lead cyber transformation engagements to enhance the organization's security posture and identify opportunities to improve organizational cybersecurity strategy, policy and governance. You will perform current state security assessments and support target operating model definition, manage discussions, and propose approaches to aligning cybersecurity initiatives with strategic business objectives.

You will help validate that our client's network, infrastructure, third parties, and applications are designed and implemented to the highest security standards and frameworks. To do this, you will be coordinating with security risk managers, architects, engineers, operations, and testers to assess, design, and implement security mitigation strategies. You will assess and advise on security and privacy frameworks, security policies, processes, and governance for conformance against security standards, industry practices, and regulatory obligations.

You will mentor team members and be a security thought leader for the organization. Our highly collaborative team is committed to each team member's growth as our business grows. You will have the opportunity to learn from and be mentored by our diverse cybersecurity team.

Your Key Responsibilities

You will work on various Security strategies, Risk and Compliance projects for our clients, or internal projects.

1) As a team leader or team member, execute cyber security strategy, risk, and compliance projects with varying levels of complexity based on a defined approach and methodology. This may include:

a) Conducting cyber transformation engagements to enhance security postures

b) Conducting a maturity assessment and designing a security roadmap

c) Performing security assessment of new and existing applications, vendors, or infrastructure

d) Evaluating the compliance of clients against security standards such as ISO27001, NIST CSF, PCI DSS

e) Developing policy, standards and standard operating procedures

f) Conducting information risk assessments (e.g., Crown Jewel identification and Risk Classification) and proposing appropriate mitigation strategies

g) Designing cybersecurity dashboards

2) Provide guidance, coordinate and support teammates to execute the security strategy, risk and compliance projects

3) Guide and review your peers and junior team members and provide timely and constructive feedback

4) Prepare reports, documents and schedules that will be delivered to clients and other parties

5) Conduct research to provide value-adding advice to the client

6) Contribute ideas with the team to complete and improve project output

7) Help in performance reviews and contribute to performance feedback for staff/junior level team members

8) Develop positive relationships with client personnel, peers and management

9) Join and facilitate internal and external training, mentoring, learning and certification opportunities

10) Participate in organization-wide people initiatives

Skills and attributes for success

A successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of disparate tasks.

1) Technical knowledge. Able to demonstrate and apply security concepts; knowledge of system and application security threats and vulnerabilities; current and emerging threats/threat vectors; principles used to manage risks related to the use, processing, storage, and transmission of information or data; incident response and handling methodologies; methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities; the risk associated with new and emerging information technology (IT) and cybersecurity technologies

2) Mentoring. Able to guide and coach team members in career progression and service delivery

3) Teaming. Able to build relationships across the business and promote a collaborative culture across teams

4) Client relationship. Able to build deep relationships with clients to understand their challenges better and align the right solutions

5) Innovative and transformative mindset. Able to understand complex problems and respond with innovative and transformative solutions

6) Communication and presentation skills. Able to deliver high-quality deliverables articulated in written reports and communicated during presentations to both IT and business audiences

7) Project management. Able to apply project management skills to deliver service within time, cost and scope

To qualify for the role, you must have:

1) A bachelor's degree in IT, computer science, computer engineering, management, business administration, or any related field

2) At least five (5) years of relevant experience in cybersecurity, risk management, compliance management, or internal audit with hands-on experience in auditing, testing, assessing, designing, or implementing cybersecurity frameworks or regulations such as ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, security-related BSP circulars

3) Familiarity with security assurance reports such as ISO 27001 certificates, SOC1, SOC2, PCI DSS AOC reports

4) Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development

5) Proficient in leading and coaching teams

6) Strong communication and presentation skills

7) Desire to learn new techniques, frameworks, and technologies

8) Willingness to take cybersecurity certifications and external training

Optionally, you also have

1) Relevant professional certification such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer

2) Experience in working in consulting roles, interacting with clients, third parties or security vendors

3) Good understanding of web services, distributed systems or mobile applications

4) Good understanding of secure software development lifecycle, DevSecOps

5) Good understanding of cloud security and modern architecture

6) Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)

7) Experience in working with GRC Technologies

SGV | Building a better working world.

All in to shape the future with confidence.

SGV & Co. is a member firm of Ernst & Young Global Limited. EY refers to the global organization, and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Fueled by sector insights, a globally connected, multidisciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit

2024 SyCip Gorres Velayo & Co.

All Rights Reserved.


