IT Security Analyst

About First Focus

First Focus is Australia's leading Managed Service Provider, with a team of over 300 technical professionals across Australia, New Zealand, and the Philippines. For over 15 years, we've delivered exceptional IT services and solutions, growing consistently and profitably. Our commitment to innovation and excellence has led to the expansion of our cybersecurity and GRC (Governance, Risk, and Compliance) capabilities.

We're now seeking an IT Security Analyst (Governance) to join our dynamic and growing Security Consulting team. This is a unique opportunity for someone early in their cybersecurity career who is passionate about making a meaningful impact in the GRC space.

Why Join Us?

• Accelerate Your Career: Work in a high-performing, inclusive environment that supports your growth through structured learning, mentorship, and exposure to real-world security challenges.
• Be Empowered: We value your contributions and provide the tools, autonomy, and guidance to help you thrive.
• Collaborate with Experts: Join a team of top-tier engineers, consultants, and security professionals who are passionate about solving complex problems.
• Make Your Voice Heard: We foster a transparent, respectful culture where ideas are welcomed and innovation is encouraged.
• Work-Life Balance: Flexible work arrangements and a supportive team culture that prioritizes well-being.

Requirements

Role Overview

As an IT Security Analyst (Governance), you will play a key role in supporting our clients' cybersecurity programs, with a strong focus on GRC activities. You'll work closely with senior consultants and technical teams to help organizations strengthen their security posture, meet compliance requirements, and build resilient governance frameworks.

This role is ideal for someone who is technically curious, detail-oriented, and eager to grow into a strategic cybersecurity professional.

Key Responsibilities

• Assist in the development, review, and continuous improvement of security policies, procedures, and standards aligned with industry best practices.
• Support risk assessments, control evaluations, and internal/external compliance audits across various client environments.
• Collect, analyse, and interpret security metrics and evidence to support reporting, decision-making, and continuous improvement.
• Maintain and update documentation related to security controls, compliance activities and audit findings.
• Collaborate with technical teams to ensure operational alignment with GRC requirements and security frameworks.
• Coordinate and contribute to security awareness initiatives, training programs, and internal communications.
• Stay informed on evolving cybersecurity frameworks, regulatory requirements, and threat landscapes (e.g., ISO 27001, NIST CSF, Essential Eight, GDPR, APRA CPS 234).
• Participate in client engagements, workshops, and presentations to support the delivery of security consulting services.

Who You Are

We're looking for someone who is early in their cybersecurity journey but demonstrates a strong interest in GRC and a commitment to professional development.

You'll ideally bring:

• 3-5 years of experience in IT, cybersecurity, or compliance, preferably in a consulting or managed services environment.
• A foundational understanding of security frameworks such as ISO 27001, NIST CSF, or Essential Eight.
• Familiarity with Microsoft 365 security and governance tools, including Compliance Centre, Purview, and Defender.
• Strong documentation, communication, and analytical skills, with attention to detail and a structured approach to problem-solving.
• A proactive mindset, willingness to learn, and ability to work independently and collaboratively.
• Experience with ticketing systems, reporting platforms, and basic project coordination.

Desirable Qualifications & Skills

• Certifications such as CompTIA Security+, ISO 27001 Foundations, ISC2 CC / SSCP / CISSP, or ISACA CISA / CISM.
• Exposure to GRC platforms.
• Knowledge of ITIL, COBIT, or other IT governance frameworks.
• Experience supporting security audits, vendor risk assessments, or third-party compliance reviews.

Benefits

First Focus' values are based around keeping everyone informed, aligned, supported, and rewarding performance. Some examples of this include:

• First Focus understands the importance of flexibility for a satisfying work-life balance, which is why we offer hybrid working arrangements.
• 'Never Stop Growing' is deeply embedded in our DNA - we offer 1 paid study day every month and support employees towards certifications and qualifications - we will pay for the exam and will also give you a pay rise for achieving certs (conditions apply, of course)
• HMO from the first day of your employment
• Addition of one (1) dependent (e.g., your spouse) to the Company's HMO policy (which includes medical coverage plus dental benefits package) on the first day of your employment
• All employees have free access to Uprise, including 1:1 coaching sessions from qualified psychologists or counselors
• Dayshift, weekends off* plus25 days paid days leave annually
• Employee Referral Program (Php 20,000)
• Employee MVP Award (Php 10,000)
• Social events, End of Financial Year and Christmas
• Employee Profit Sharing*
• Loyalty bonus for long-term employees*

Career Path & Development

This role offers a clear pathway into more senior positions within our Security Consulting practice, including:

• Security Consultant (GRC or Technical)
• Risk & Compliance Analyst
• Cybersecurity Project Manager

We'll support your growth through certifications, hands-on experience, and mentorship from seasoned professionals.

Office Address:

• 29th Floor, Robinsons Cyberscape Gamma, Topaz Road, Ortigas Pasig City Metro Manila Philippines
• 26th floor, Axis Tower One Building, Filinvest Ave, Alabang, Muntinlupa

Additional Information

• Opportunity to work from home. If you are residing within Metro Manila or in other nearby provinces, a hybrid work set-up will apply.
• Salary will depend on the evaluation of candidate's values, skills and experiences.

*Terms and condition apply