Cybersecurity Strategy, Risk, and Compliance Associate - Philippines, Pilipinas - SGV & Co.

    SGV & Co. Philippines, Pilipinas

    1 week ago

    Full-time
    Description

    Ready to take the leap forward? Starting your professional career at SGV will unlock your potential and open up numerous possibilities. We offer a wide variety of fulfilling opportunities that span all business disciplines. When you join us, we will support your professional development with a combination of training, hands-on learning, networking, experiences, and mentoring.

    At SGV, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help SGV become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

    The Exceptional SGV Experience. It's Yours to Build.

    The Opportunity

    We're looking for Associates with experience in cybersecurity, governance, risk, and compliance.

    As part of our Cybersecurity Consulting team, you will help lead cyber transformation engagements to enhance the organization's security posture and identify opportunities to improve organizational cybersecurity strategy, policy and governance. You will perform current state security assessments and support target operating model definition, manage discussions, and propose approaches to aligning cybersecurity initiatives with strategic business objectives.

    You will help validate that our client's network, infrastructure, third parties, and applications are designed and implemented to the highest security standards and frameworks. To do this, you will be coordinating with security risk managers, architects, engineers, operations, and testers to assess, design, and implement security mitigation strategies.

    Our highly collaborative team is committed to each team member's growth as our business grows. You will have the opportunity to learn from and be mentored by our diverse cybersecurity team.

    Your key responsibilities

    You will work on various Security strategies, Risk and Compliance projects for our clients, or internal projects.

    Fraud & Security Risk Assessment and Privacy & Risk Assessment


    •You will perform the following: solution architecture design review, application security assessment, infrastructure security assessment, cloud security assessment, container security assessment, vendor risk assessment, privacy impact assessment, threat modeling and risk assessment, identity and access management, firewall policy review, fraud risk assessment, security and fraud contract review, project management

    Information Security Assessment


    •Interviewing relevant stakeholders


    •Performing analysis on security data and pieces of evidence to assist the IT and security teams in ensuring adherence to established IT security policies, architecture, and compliance with standards and protocols


    •Presenting gaps identified during assessments through preparation of technology risk reports for the IT department and senior leadership


    •Aligning with service owners on the outcome of assessments to frame proper risks with impact, likelihood and rating for compliance assessments


    •Updating risks identified in the risk management tool to register issues


    •Serving as the primary point of contact for all facets of information security assessments

    To qualify for the role, you must have

    Fraud & Security Risk Assessment and Privacy & Risk Assessment


    •A bachelor's degree in IT, computer science, computer engineering, management, business administration, or any related field


    •At least one (1) year of relevant experience in security design, architecture or operations covering any of the following: application security, infrastructure security, solution design, security architecture, software engineering, identity and access management


    •Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development


    •Good understanding of cloud security and modern architecture (microservices, serverless and automated delivery)


    •Familiarity with threat models and frameworks such as STRIDE, MITRE ATT&CK, CVSS, OCTAVE, OWASP Top 10


    •Excellent written and verbal technical communication skills


    •Working knowledge of NIST / CIS / ISO 27001


    •Relevant professional certification such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer


    •Ability to juggle many tasks and projects in a fast-moving environment


    •Experience with IAM concepts & technologies such as authentication, authorization, federation, administration, governance


    •Experience in working in consulting roles, interacting with clients, third parties or security vendors


    •Good understanding of cryptography as applied in security such as SSL and key management


    •Good understanding of web services, distributed systems or mobile applications


    •Good understanding of secure software development lifecycle, DevSecOps, agile method


    •Good understanding of cloud security and modern architecture


    •Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)


    •Has strong project management skills

    Information Security Assessment


    •Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or any related field that deals with information security and conducting risk assessments.


    •Professional entry-level cybersecurity certifications such as Certified in Cybersecurity (CC) or CompTIA Security+


    •A broad understanding of information security functions in areas such as governance, risk, compliance, and security infrastructure.


    •Working knowledge of industry standards and frameworks such as ISO 27001/27002, NIST, and CIS.


    •Knowledge of different types of cyber threats, vulnerabilities, attack vectors, and countermeasures.


    •Strong analytical and problem-solving skills to identify security gaps and propose recommendations.


    •Ability to handle both technical assessments (reviewing penetration testing and vulnerability assessment reports) and non-technical assessments (policy review, procedure evaluation).


    •Experience in conducting risk assessments and auditing of information systems.


    •Knowledge about data privacy laws and regulations like GDPR, HIPAA, etc.


    •Excellent communication and report writing skills to share findings and recommendations with stakeholders.

    What we offer

    We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:


    •Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.


    •Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.


    •Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.


    •Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.

    SGV | Building a better working world

    SGV exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

    In everything we do, we nurture leaders and enable businesses for a better Philippines.

    To learn more about our career offerings, please visit