Pasig City, Philippines

Information Security GRC Analyst

Full-time / part-time: Full-time
Level: Associate
Department: Compliance & Risk
Address: Ortigas Center, Pasig City, Philippines

Job description

To provide second-line support for all aspects of the Group’s Information Security strategy and arrangements encompassing cultural, physical, and technology elements throughout the business, with the primary focus being on InfoSec program governance and oversight.

Working as part of the Group Risk and Compliance department, the second-line InfoSec team interacts regularly with the first-line IT Security team, providing oversight, challenge, and validation of operational controls and procedures. The role holder will work closely with business and technology teams to help articulate and communicate the InfoSec governance program, identify risks and threats, and evaluate and help implement controls and improvements.


Tasks (what does the role do on a day-to-day basis)

  • Support the management of Information Security governance for the organization, ensuring adherence to Group policies and standards.
  • Work closely with the Group Risk and Compliance team to ensure key Information Security risks and issues are identified, addressed, and resolved in a timely manner.
  • Assist in the management of the Group’s Information Security Management System including maintenance of the ISO 27001 certification, particularly as it applies to the Philippines jurisdiction.
  • Engage with the first-line IT Security Operations team and assist the Group CISO in providing oversight and challenge to that function.
  • Participate in the security training and awareness program including ownership of the compliance process, assessment of the threat landscape to inform the development of training content, and publication of materials through corporate channels. 
  • Participate in periodic security testing activities (e.g. penetration testing, DR exercises) and prioritize and manage response activities.
  • Assist with the audit and client management aspects of the Information Security team, including client due diligence questionnaires; help design more effective procedures in this space.
  • Help improve and support relevant security metrics; analyze data, identify trends and drive improvements to the control environment.
  • Assist in general Information Security-related issues as required, including potential interaction with the Security Operations team, Technology teams, and business stakeholders.

Key behaviors we expect to see
In addition to demonstrating our Group Values (Authentic, Bold, and Collaborative), the role holder will be expected to demonstrate the following:

  • A people- and client-focused mindset.
  • Self-motivating and able to work under own initiative.
  • Hard-working, reliable, and supportive.
  • Possesses a willingness to help develop the role and team in a rapidly changing environment.
     

Qualifications

Must-have:

  • 3+ years of Information Security experience.
  • Recent experience of working in a similar capacity, preferably in a financial services organization.
  • Experience in working within a structured security framework, such as ISO 27001.
  • Experience configuring and managing security operations toolsets.
  • Comfort working with Risk Management platforms.
  • Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations.
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa.
  • Expertise in standard Microsoft Office products.

Nice to have:

  • Relevant industry certification (e.g. CISSP, CISM, ISO 27001 LA) desirable.

Additional information

At IQ-EQ we want you to reach your full potential. We offer an inclusive and diverse environment to support your career aspirations, with a strong emphasis on continuous learning and a holistic approach to your professional and personal development. We also offer opportunities across our service lines and our international network of offices.

Company description

IQ-EQ is a leading Investor Services group which combines global expertise with an unwavering focus on client service delivery. We support fund managers, global companies, family offices and private clients operating worldwide.
