senior security analyst - governance risk and ComplianceABS-CBN Corporation
Workplace: MetroManila, Manila
Salary: Agreement
Work form: Full time
Posting Date: 23/12/2025
Deadline: 03/08/2023
Job Description
JOB RESPONSIBILITIES:
Provide Information Security Senior Level support and expertise in the following areas but not limited to:
Governance, Risk and Compliance (GRC), Assist the defensive team in Security Monitoring, Incident Response, Threat Hunting and Intelligence. Gather inputs from Offensive Security team (Vulnerability Management, Penetration Testing and Application Security Review) to enhance risk treatment and policies-and-standards development.
Performs risk assessment and provides recommendations cyber risk treatment strategies. Maintain and update the cyber risk register, monitor risk mitigation activities and reports risk profile of the organization. Update, review and develop information/cyber security policies, standards, guidelines, and procedures, making sure of its relevance and controls are in place for the emerging threat landscape.
Performs document review including but not limited to third party review, privacy and security assessments, contracts, scope of works ensuring compliance and controls are in place. Plans, execute and measure content protection and information security awareness campaign in alignment to policies, compliance, and regulatory requirement on the organization.
Assist in information security incident response, tracking risk mitigation and control implementation completion. Provides inputs to defensive security team to minimize incidents and gathers input from offensive security team to enhance risk mitigation and control implementation.
Perform other tasks that maybe assigned by CIS head like project management, access control management, compliance-audit review among others.
Performs risk assessment of new (projects, engagements, major changes) and existing systems.
Maintain and update the infosec risk register.
Reports (and escalate if needed) the risk profile of the organization.
Update, review and develop information/cyber/content security policies, standards, guidelines, and procedures.
Performs document review including but not limited to third party review, privacy and security assessments, contracts, scope of works ensuring compliance and controls are in place.
Plans, execute and measure content protection and information security awareness.
Reports the content and infosec awareness of the organization.
Works with other business units like Audit, Fraud Management and Technology Group to ensure policy compliance.
Act as a point of escalation for L1 Analysts in support of content and information security governance, risk and compliance issues.
Provide guidance and oversight on incident resolution, containment techniques, remediation, and recovery efforts.
Review and understand data collected from GRC metrics to recommend improvement initiatives.
Work with Content and Information Security Head to better security operations and address identified deficiencies.
Work with content protection team to automate and institutionalize content protection and anti-piracy activities.
Participate in evaluating, recommending, implementing controls, and troubleshooting security tools.
Other tasks that may be assigned by the CIS Head.
QUALIFICATIONS:
Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science, ECE or Computer Engineering
5 years or more experience in Information Security
Governance, Risk Management, Audit and Compliance Experience
Working knowledge with different standards and best practices (Example: ISO27XX, NIST CSF, CIS Controls, OWASP, MPAA, PCI-DSS, Cloud Security Alliance)
Working knowledge of different security architectures, standards, technologies, and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management.
Experience investigating security events, identifying threats and resolving vulnerabilities in large and complex environments.
Host-based and network analysis/forensics capability
Knowledge in Programming, SDLC, Agile, Shift Left, DevSecOps Methodology
Asset and Systems Inventory, Change Management Experience
Knowledge in Ethical hacking
Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
Advance knowledge of IT security and solid understanding of Information Security concepts, risk management and practices
People management skills
Excellent written and verbal communication and presentation skills.
Certifications may include CISM, CISA CRSC, CISSP, GSEC, CHFI, GCIH etc
JOB RESPONSIBILITIES:
Provide Information Security Senior Level support and expertise in the following areas but not limited to:
Governance, Risk and Compliance (GRC), Assist the defensive team in Security Monitoring, Incident Response, Threat Hunting and Intelligence. Gather inputs from Offensive Security team (Vulnerability Management, Penetration Testing and Application Security Review) to enhance risk treatment and policies-and-standards development.
Performs risk assessment and provides recommendations cyber risk treatment strategies. Maintain and update the cyber risk register, monitor risk mitigation activities and reports risk profile of the organization. Update, review and develop information/cyber security policies, standards, guidelines, and procedures, making sure of its relevance and controls are in place for the emerging threat landscape.
Performs document review including but not limited to third party review, privacy and security assessments, contracts, scope of works ensuring compliance and controls are in place. Plans, execute and measure content protection and information security awareness campaign in alignment to policies, compliance, and regulatory requirement on the organization.
Assist in information security incident response, tracking risk mitigation and control implementation completion. Provides inputs to defensive security team to minimize incidents and gathers input from offensive security team to enhance risk mitigation and control implementation.
Perform other tasks that maybe assigned by CIS head like project management, access control management, compliance-audit review among others.
Performs risk assessment of new (projects, engagements, major changes) and existing systems.
Maintain and update the infosec risk register.
Reports (and escalate if needed) the risk profile of the organization.
Update, review and develop information/cyber/content security policies, standards, guidelines, and procedures.
Performs document review including but not limited to third party review, privacy and security assessments, contracts, scope of works ensuring compliance and controls are in place.
Plans, execute and measure content protection and information security awareness.
Reports the content and infosec awareness of the organization.
Works with other business units like Audit, Fraud Management and Technology Group to ensure policy compliance.
Act as a point of escalation for L1 Analysts in support of content and information security governance, risk and compliance issues.
Provide guidance and oversight on incident resolution, containment techniques, remediation, and recovery efforts.
Review and understand data collected from GRC metrics to recommend improvement initiatives.
Work with Content and Information Security Head to better security operations and address identified deficiencies.
Work with content protection team to automate and institutionalize content protection and anti-piracy activities.
Participate in evaluating, recommending, implementing controls, and troubleshooting security tools.
Other tasks that may be assigned by the CIS Head.
QUALIFICATIONS:
Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science, ECE or Computer Engineering
5 years or more experience in Information Security
Governance, Risk Management, Audit and Compliance Experience
Working knowledge with different standards and best practices (Example: ISO27XX, NIST CSF, CIS Controls, OWASP, MPAA, PCI-DSS, Cloud Security Alliance)
Working knowledge of different security architectures, standards, technologies, and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management.
Experience investigating security events, identifying threats and resolving vulnerabilities in large and complex environments.
Host-based and network analysis/forensics capability
Knowledge in Programming, SDLC, Agile, Shift Left, DevSecOps Methodology
Asset and Systems Inventory, Change Management Experience
Knowledge in Ethical hacking
Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
Advance knowledge of IT security and solid understanding of Information Security concepts, risk management and practices
People management skills
Excellent written and verbal communication and presentation skills.
Certifications may include CISM, CISA CRSC, CISSP, GSEC, CHFI, GCIH etc
Submit profile
ABS-CBN Corporation
About the company
ABS-CBN Corporation jobs
Quezon City, Metro Manila
Dealer Product Supply Planning Analyst (DPSPA)
Castlekeep Holdings Inc.
MetroManila, Quezon, Quezon, ManilaAgreement
Renewals Manager - Bilingual (Spanish and English)
TSG Outsourcing
MetroManila, Manila, TaguigAgreement
Position senior security analyst - governance risk and Compliance recruited by the company ABS-CBN Corporation at MetroManila, Manila, Joboko automatically collects the salary of , finds more jobs on Senior Security Analyst - Governance Risk and Compliance or ABS-CBN Corporation company in the links above