Consultant - risk & security assessments (lead level)HCM Nexus
Workplace: MetroManila, Manila, Makati
Salary: Agreement
Work form: Full time
Posting Date: 08/06/2025
Deadline: 19/05/2025
About the job Consultant - Risk & Security Assessments (Lead Level)Job Summary:We are seeking a detail-oriented and analytical Risk & Security Consultant to support and lead information security assessments across enterprise environments. This role will focus on identifying, evaluating, and mitigating security risks through structured assessments and consulting engagements. Depending on experience, this position can be scoped as Junior Lead Consultant or Lead Consultant, with increasing responsibility over project delivery, client engagement, and team mentoring.The ideal candidate will bring a solid foundation in IT risk, cybersecurity frameworks, and control evaluation, along with strong interpersonal and documentation skills.Key Responsibilities:
Conduct risk and security assessments across applications, infrastructure, third-party vendors, and internal controls.
Evaluate and document risk exposure, security posture, and compliance against established frameworks (e.g., ISO 27001, NIST, CIS, COBIT).
Prepare detailed assessment reports, including identified risks, control gaps, and actionable recommendations.
Support the development and implementation of risk mitigation strategies and remediation plans.
Collaborate with cross-functional teams including IT, legal, compliance, and business stakeholders to understand and align security requirements.
Lead or contribute to the planning and execution of security assessments, audits, and readiness reviews.
Stay up to date with current threat landscapes, emerging risks, and relevant regulatory changes.
Support the preparation of risk dashboards and management reports.
Qualifications:
Bachelors degree in Information Security, Computer Science, Information Systems, or a related field.
4-7 years of experience in information security, IT audit, or risk management roles.
Strong knowledge of risk and control frameworks such as ISO 27001, NIST, SOC 2, PCI-DSS, or similar.
Experience in performing or leading security assessments, audits, or third-party risk reviews.
Familiarity with governance, risk, and compliance (GRC) tools is an advantage.
Excellent written and verbal communication skills with the ability to present technical findings to non-technical audiences.
Detail-oriented and highly organized, with the ability to manage multiple assessments simultaneously.
Preferred Certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
ISO 27001 Lead Implementer / Lead Auditor
CompTIA Security+ or equivalent foundational cert
HCM Nexus
Conduct risk and security assessments across applications, infrastructure, third-party vendors, and internal controls.
Evaluate and document risk exposure, security posture, and compliance against established frameworks (e.g., ISO 27001, NIST, CIS, COBIT).
Prepare detailed assessment reports, including identified risks, control gaps, and actionable recommendations.
Support the development and implementation of risk mitigation strategies and remediation plans.
Collaborate with cross-functional teams including IT, legal, compliance, and business stakeholders to understand and align security requirements.
Lead or contribute to the planning and execution of security assessments, audits, and readiness reviews.
Stay up to date with current threat landscapes, emerging risks, and relevant regulatory changes.
Support the preparation of risk dashboards and management reports.
Qualifications:
Bachelors degree in Information Security, Computer Science, Information Systems, or a related field.
4-7 years of experience in information security, IT audit, or risk management roles.
Strong knowledge of risk and control frameworks such as ISO 27001, NIST, SOC 2, PCI-DSS, or similar.
Experience in performing or leading security assessments, audits, or third-party risk reviews.
Familiarity with governance, risk, and compliance (GRC) tools is an advantage.
Excellent written and verbal communication skills with the ability to present technical findings to non-technical audiences.
Detail-oriented and highly organized, with the ability to manage multiple assessments simultaneously.
Preferred Certifications:
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
ISO 27001 Lead Implementer / Lead Auditor
CompTIA Security+ or equivalent foundational cert
HCM Nexus
Other Info
Makati City, Metro Manila
Permanent
Full-time
Permanent
Full-time
Submit profile
HCM Nexus
About the company
HCM Nexus jobs
Metro Manila
Senior Information Security Engineering Consultant - Governance Risk and Compliance
UnitedHealth Group
MuntinlupaAgreement
Lead Consultant - Data Architecture & Engineering (GDC) - WFH
TASQ Staffing Solutions
MetroManila, Manila, MakatiAgreement
Lead Consultant for the Gender Equality and Social Inclusion (GESI) Analysis of Justice Zones
IDLO - International Development Law Organization
MetroManila, ManilaAgreement
MetroManila, ManilaAgreement
MetroManila, ManilaAgreement
Position Consultant - risk & security assessments (lead level) recruited by the company HCM Nexus at MetroManila, Manila, Makati, Joboko automatically collects the salary of , finds more jobs on Consultant - Risk & Security Assessments (Lead Level) or HCM Nexus company in the links above