Description
Blended Work Arrangement (WOS & WFH) - SHAW/ Makati
Performs periodic internal auditing activities to meet PCI DSS and SOC2 standards, including, but not limited to vulnerability assessments, access control reviews, documentation of periodic IT activities, and internal risk assessments in collaboration with Business Compliance Transformation (BCT) team stakeholders.
Assists with external audit evidence gathering through continual management of requisite documentation.
Review, document, and periodically communicate remediation and corrective actions identified during audit activities.
Gathers information by examining records, documents, and configuration settings pertinent to the security of system environments.
Assists in follow-up process on security alerts, including, but not limited to
those generated through Data Loss Prevention (DLP) monitoring.
Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Participates in certification and accreditation process, including by not limited to PCI DSS and SOC2 audit and compliance.
Coordinates with external assessor or auditor on gap assessments and ensure remediation efforts are on-schedule for certification completion.
Develops auditing processes to evaluate if compliance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Recommends improvements to security controls, both organizational and technical.
Collaborates effectively with IT department to ensure alignment between corporate objectives, technical controls, and organizational controls that impact information security.
Makes recommendations on revisions to policies and procedures related to information security, system hardening, network security, and access control.
Other ad hoc tasks as needed
Job Requirements:
Certifications pertinent to the role preferred, such as Certified Information Security Auditor (CISA), CompTia Security+, or SANS GIAC Security Essentials (GSEC).
Candidate must possess a Bachelor's degree in Information Technology or a related field.
Understands security standards and cybersecurity risk management frameworks, such as PCI DSS, NIST CSF, and ISO27001.
Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
Ability to write command-line scripts to monitor security configurations.
Knowledge of information security implementations (e.g., firewalls, demilitarized zones, encryption).
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Can easily transition to a fast-paced environment, must be able to learn new concepts quickly that affect the security posture of the company.
Meticulous, attentive to quality and details
Requirements
Minimum education level: Bachelor ́s Degree
Years of experience: 3
Language(s): English
Availability for travel: Yes
Availability for change of residence: Yes
People with disabilities: Yes
Blended Work Arrangement (WOS & WFH) - SHAW/ Makati
Performs periodic internal auditing activities to meet PCI DSS and SOC2 standards, including, but not limited to vulnerability assessments, access control reviews, documentation of periodic IT activities, and internal risk assessments in collaboration with Business Compliance Transformation (BCT) team stakeholders.
Assists with external audit evidence gathering through continual management of requisite documentation.
Review, document, and periodically communicate remediation and corrective actions identified during audit activities.
Gathers information by examining records, documents, and configuration settings pertinent to the security of system environments.
Assists in follow-up process on security alerts, including, but not limited to
those generated through Data Loss Prevention (DLP) monitoring.
Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Participates in certification and accreditation process, including by not limited to PCI DSS and SOC2 audit and compliance.
Coordinates with external assessor or auditor on gap assessments and ensure remediation efforts are on-schedule for certification completion.
Develops auditing processes to evaluate if compliance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Recommends improvements to security controls, both organizational and technical.
Collaborates effectively with IT department to ensure alignment between corporate objectives, technical controls, and organizational controls that impact information security.
Makes recommendations on revisions to policies and procedures related to information security, system hardening, network security, and access control.
Other ad hoc tasks as needed
Job Requirements:
Certifications pertinent to the role preferred, such as Certified Information Security Auditor (CISA), CompTia Security+, or SANS GIAC Security Essentials (GSEC).
Candidate must possess a Bachelor's degree in Information Technology or a related field.
Understands security standards and cybersecurity risk management frameworks, such as PCI DSS, NIST CSF, and ISO27001.
Knowledge of cyber defense and vulnerability assessment tools, including open source tools, and their capabilities.
Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
Ability to write command-line scripts to monitor security configurations.
Knowledge of information security implementations (e.g., firewalls, demilitarized zones, encryption).
Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Can easily transition to a fast-paced environment, must be able to learn new concepts quickly that affect the security posture of the company.
Meticulous, attentive to quality and details
Requirements
Minimum education level: Bachelor ́s Degree
Years of experience: 3
Language(s): English
Availability for travel: Yes
Availability for change of residence: Yes
People with disabilities: Yes
Other Info
₱ 70,000.00 monthly · Mandaluyong, National Capital Region · 2 minutes ago (updated)
Submit profile
Admerex Solutions Inc.
About the company
Admerex Solutions Inc. jobs
Mandaue City, Central Visayas
Urgent! Health Safety & Security Supervisor + Earn Competitive Salary
Suprea Philippines Development Corporation (CDO)
Cagayan, MisamisOriental, Cagayan de OroAgreement
Management Information Specialist (Data Encoder)
CASES COLLECTION MANAGEMENT, INC
MetroManila, Manila, MakatiAgreement
Position urgent: Information Security assessor recruited by the company Admerex Solutions Inc. at , Joboko automatically collects the salary of , finds more jobs on Urgent: Information Security Assessor or Admerex Solutions Inc. company in the links above
About the company
Admerex Solutions Inc. jobs
Mandaue City, Central Visayas