Skip to content

Senior Information Risk Consultant

Job Category:

Information Tech

Job Level:

Professional

Open Date:

15-Dec-2020

Location:

QUEZON CITY

Close date:

31-Jan-2021

Client Industry:

INSURANCE

Job Description and Qualification:

As an Information Security Consultant, you will:

  • Assess new vendors, technologies and systems
  • Help improve application security practices
  • Advise management on risks
  • Respond to security incidents
  • Manage security related initiatives
  • Promote an information security culture.

Responsibilities:

  • Lead project risk assessments from a technical security and information risk management perspective and advise management on risks. 
  • Assess current and potential vendors, new services, and new technologies from a technical security and information risk management perspective. 
  • Support security program activities like managing application security assessments (e.g., penetration tests, code security assessments), and providing application security consulting services to IT and other relevant partners and clients. 
  • Support operational security activities including oversight of ongoing segment specific security processes (e.g., incident response, ad hoc queries, periodic access reviews, and vulnerability management). 
  • Support the development and enforcement of global information security policies and standards; work with business units and technical teams to implement security policies and processes throughout the segment. 
  • Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and within information security discipline.                                                                                                                                             

Knowledge/Skills/Competencies/Education:

  • University degree in Computer Science, Information Technology, Software Engineering, Business Administration or relevant educational and professional experience.
  • Five years or more of experience working at an intermediate level role, or above, within a combination of relevant technical disciplines in the field of Information Security and Information Risk Management – can include technical assessment, vendor assessment, network security (including platform, application etc.), vulnerability management, and information protection.
  • Demonstrated commitment to the field of Information Security through current accreditation from SANS, ISC2 and/or ISACA (e.g. GSEC, CISSP, CISA, CRISC). Project management designation is an asset, but not required.
  • Deep knowledge of cloud computing security and IaaS, PaaS or SaaS environments.
  • Working experience in conducting risk assessments, required controls definition, control procedure appropriateness, security capabilities identification, is preferred.
  • Experience applying security frameworks (e.g. ISO 27001, COBIT), laws and standards (e.g. NIST, GDPR, Sarbanes-Oxley) is helpful, but not required.
  • Understand the business requirements and respond accordingly from information security standpoint.
  • Ability to work independently and as part of a team, managing multiple priorities within tight deadlines.
  • Good verbal and written communication, facilitation and interpersonal skills.
  • Influence behavior to reduce risks and foster a strong information security risk management culture.

Salary:

0.00