Security & Privacy Analyst

Company: Cortico – Healthcare solutions for providers and patients

Are you passionate about security and privacy? Do you have a talent for aligning compliance frameworks with business goals, ensuring processes empower employees rather than burden them? If so, we'd love to meet you

We are seeking an Information Security & Privacy Compliance Manager to lead our efforts in maintaining strong security and privacy practices across the organization. This role requires a mix of technical know-how, strong written communication skills, and experience with privacy and security frameworks such as ISO 27001, SOC 2 Type 2, and HIPAA.

Responsibilities

• Lead Compliance Initiatives:
• Ensure compliance with ISO 27001, SOC 2 Type 2, and HIPAA standards.
• Design security processes and policies that align with real business needs and empower employees.
• Privacy and Security Governance:
• Maintain and improve privacy policies and practices in accordance with evolving regulations.
• Collaborate with teams to develop workflows that protect sensitive data while remaining practical and efficient.
• Vendor & Contractor Management:
• Manage relationships with security contractors, including pentesters, ensuring timely and thorough vulnerability assessments.
• Assess vendor compliance with internal security requirements and industry standards.
• Incident Response & Risk Management
• Oversee the identification, tracking, and resolution of vulnerabilities from internal and external assessments.
• Develop incident response protocols and lead tabletop exercises with cross-functional teams.
• Training & Communication:
• Deliver engaging security and privacy awareness training to internal teams.
• Draft clear, concise security policies and documentation that are easy for employees to understand and apply.

Required Skills and experience

• Excellent written communication skills:
• Ability to translate complex security and compliance topics into clear, actionable guidance for various audiences.
• Experience with privacy and security frameworks:
• In-depth knowledge of ISO 27001, SOC 2 Type 2, HIPAA, and other relevant frameworks.
• Practical experience aligning compliance work with business needs and minimizing friction for employees.
• Understanding of web application security:
• Familiarity with common web vulnerabilities and basic penetration testing concepts (e.g., OWASP Top 10, vulnerability scanning).
• Ability to manage security contractors, assess their deliverables, and interpret the results of pentests and security audits.
• Risk Management Expertise:
• Proven ability to assess risks, identify mitigation strategies, and prioritize initiatives for optimal business impact.
• Bonus Skills: Hands-on experience with penetration testing, threat modeling, or vulnerability management tools.

Nice to Have:

• Tier 2 (troubleshooting)
• Dev Ops (linux / deployment automation)
• Technical writing
• Proposal writing
• Compliance management
• Information security (pentesting / red teaming / NIST / vuln scanning)
• Design QA
• User research
• Data engineering
• QA testing
• Grant management

Why Join Us?

• A collaborative environment where security is seen as a business enabler, not a blocker.
• Opportunities to shape policies that not only ensure compliance but also help employees work more effectively.
• The chance to work with passionate teams committed to building secure, privacy-conscious solutions.

Benefits: https://countable-

Note: Your application must include a resume, and a cover letter. To avoid automated submissions, and to see if you pay attention to detail and follow instructions, your cover letter must be exactly 100 words.

Important: This job post is for a full-time position only. Before applying, please ensure you are available and interested in committing to a full-time work schedule and you don't plan to have other full-time engagement in another company.

Job Types: Full-time, Permanent

Pay: Php40, Php45,000.00 per month

Benefits:

• Company events
• Work from home

Application Question(s):

• Did you see this job on Cortico website? (Yes or No)
• Enter your cover letter here or submit a file, a cover letter is a requirement.

Education:

• Bachelor's (Preferred)

Experience:

• Risk Management Expertise: 1 year (Required)
• Vulnerability Management Tools: 1 year (Preferred)
• ISO 27001, SOC 2 Type 2, and HIPAA: 1 year (Required)
• Privacy and Security Governance: 1 year (Required)
• Vendor & Contractor Management: 1 year (Required)
• Incident Response & Risk Management: 1 year (Required)
• OWASP Top 10, vulnerability scanning: 1 year (Required)
• Penetration testing, Threat Modeling: 1 year (Preferred)

Language:

• English at a Professional or Business level (Required)
• English (Required)