STRATEGIC STAFFING SOLUTIONS (S3)
Position: Cyber Risk Analyst
Work Set-Up: Hybrid (2x per week onsite)
Office Location: Makati, Philippines
Schedule: Day shift or Mid shift/Flexible with US overlaps
Cyber Risk Analyst
We are seeking a Cyber Risk Analyst who brings a solid technical foundation (networks, systems, cloud, logging/telemetry, vulnerability concepts) and can partner with senior cybersecurity SMEs to identify, assess, document, and track cyber risks. This role is ideal for someone who can translate technical evidence into risk language, support control assessments, and drive remediation follow-through across stakeholderswithout needing to be the deepest functional expert in every security domain.
Key job responsibilities
- Analyze security and operational signals (e.g., vulnerability results, incident/ticket trends, configuration findings, control gaps) and summarize impact, likelihood, and exposure in business-friendly terms.
- Execute and support control assessments by helping build assessment scope, collecting evidence, and documenting results; produce clear assessment write-ups that reflect whether controls are implemented and operating as intended
- Map findings to common frameworks (e.g., NIST SP 800-53 / NIST CSF / ISO 27001 / SOC 2) and maintain traceability between requirements, evidence, and remediation actions.
- Partner with engineering/operations teams to clarify technical details needed for risk acceptance, exceptions, and corrective action plans.
- Support third-party cyber risk activities: request and review artifacts (e.g., SOC reports, policies, IR/BCP documentation), track vendor remediation items, and document residual risk.
- Help maintain vendor risk profiles and coordinate assessments with Procurement, Legal, Privacy, and Security SMEs.
- Maintain risk registers, action logs, and control evidence repositories; ensure status is current, owners are clear, and deadlines are tracked.
- Drive operational rigor: follow up on open items, remove blockers, and escalate when risk treatment stalls.
- Contribute to process improvement: standardize templates, clarify procedures, and help improve repeatability of assessments and reporting.
Required qualifications / certifications
- 5+ years in cybersecurity, IT risk, GRC, SOC/operations, IT audit, or security engineering support (or equivalent practical experience).
- Working knowledge of: Networking fundamentals (TCP/IP, DNS, HTTP/TLS), common enterprise architectures, and how security controls apply, Operating system concepts (Windows/Linux basics), identity/access concepts, and logging/monitoring fundamentals.
- Ability to analyze technical outputs and artifacts (e.g., vulnerability scan results, SIEM searches/alerts, tickets, system configs) and convert them into clear risk statements and action plans.
- Strong documentation skills: ability to create clear reports, control narratives, and remediation tracking with attention to detail.
- Experience with common security and risk tooling such as GRC platforms and operational ticketing/reporting (ServiceNow and OneTrust).
- Exposure to network/security technologies (e.g., firewalls, VPN, secure web gateways, identity enforcement) and how they generate evidence/logs for risk decisions.
- Cloud fundamentals and/or environments (Azure/AWS), plus light scripting or data skills (SQL, basic automation) for reporting and analysis.
- Certifications (any of the following are a plus): Security+, Network+, AZ-900, ITIL, CRISC/CISA/CISM, ISO 27001 fundamentals.
