Information Security Risk Specialist, MariBank

What you'll do

• Risk Identification and Assessment: Conducting enterprise-wide security risk assessments, maintaining a risk register, and evaluating the likelihood and impact of potential security threats.
• Third-Party Risk Management: Reviewing security posture of vendors and partners through questionnaires and audits (e.g., SOC reports)
• Security Policy Compliance: Developing and enforcing security policies, standards, and best practices to ensure compliance with regulatory requirements. Familiarity or experience with ISO 27001, NIST, PCI DSS, and / or local BSP regulations.
• Vulnerability Assessment and Mitigation: Identifying IT system vulnerabilities, analyzing risk level, and recommending remedial action to technical teams.
• Reporting and Communication: Presenting risk data, metrics, and mitigation strategies to management and leadership teams.
• Security Education: Providing security awareness training to employees, such as phishing simulations and training sessions

Requirements

• At least 3 years of relevant work experience in Information Security Risk and other related-functions
• Certification or training with information security risk, audit, or any information security-related is a plus
• Amenable to work in Ortigas, Mandaluyong City