Position: Security Assurance and Assessment Officer
Level: Junior Officer (Exp: 3 to 7 Years)
Location: Taguig
Work Setup: Onsite
Role Overview
This position focuses on Information Security Risk Management, particularly:
- Third-party/vendor security risk assessments
- System and application security assessments
- Threat modeling and risk analysis
- Security governance and compliance
- Risk reporting and remediation tracking
- Information security policy development and review
Key Responsibilities
- Conduct security assessments for systems, applications, and vendors.
- Evaluate threats, vulnerabilities, and security controls.
- Perform third-party security reviews and monitor vendor security performance.
- Maintain security risk registers and track mitigation efforts.
- Prepare and present risk assessment reports.
- Support compliance with regulatory requirements and security standards.
- Investigate information security and data privacy incidents.
- Monitor emerging security threats and regulatory changes.
- Coordinate with business units and stakeholders throughout assessment activities.
Required Knowledge & Skills
- Information Security Governance
- Risk Assessment and Risk Management
- Third-Party Risk Management (TPRM)
- Network Security and Application Security
- Security Controls Assurance
- Compliance and Regulatory Requirements (BSP, DPA, PCI-DSS)
- Risk Reporting and Documentation
- Project Management
- Stakeholder Management and Communication
Preferred Certifications
- CISA
- CISM
- CRISC
- PCI-DSS related certifications
Who Would Be a Strong Fit
Candidates with experience in:
- Information Security
- Cybersecurity Governance
- IT Audit
- Risk & Compliance
- Security Assurance
- Vendor Risk Management
- GRC (Governance, Risk, and Compliance) functions
This role is more security governance, risk, and compliance (GRC) than hands-on penetration testing or SOC operations. It suits someone who enjoys assessing risks, reviewing controls, working with stakeholders, and ensuring regulatory compliance.
