7 Commercial Underwriter Environmental jobs in the Philippines

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

• ROLES AND RESPONSIBILITIES A. Does (The tasks / responsibilities that the role performs to address requirements in Key Result Areas)
• Assist in the execution of the Institutional Risk Assessment (IRA) process to identify and assess AML risks across business lines.
• Gather and analyze relevant data to support risk assessments and help determine inherent and residual risks.
• Contribute to the development and application of risk scoring tools and models.
• Support periodic reviews and updates of the IRA framework to align with regulatory requirements and internal changes.
• Coordinate with business units and control owners to gather input and validate risk information.
• Prepare risk summaries, dashboards, and reports for internal stakeholders and regulatory submissions.
• Monitor regulatory changes and assist in updating risk factors and control evaluations accordingly.
• Help identify control gaps and recommend enhancements to mitigate identified AML risks.
• Assist in preparing documentation for internal audits, regulatory exams, and board presentations.

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

• Develops a complete understanding of a company's technology and information systems.
• Identify and communicate current and emerging cybersecurity and fraud threats and risks that are relevant to GCASH.
• Design cybersecurity and fraud management architecture elements for GCASH to mitigate threats as they emerge.
• Plan, research and design robust cybersecurity and fraud management architectures for demands of GCASH
• Understands the business direction, threat landscape globally and regionally for the Fintech Industry.
• Collaborates with product teams and business to understand the business direction and anticipating Security and Fraud Risks relevant to whatever the direction business is moving towards.
• Formulates the new cybersecurity and fraud management blueprints to ensure business is able to pursue the plans at the same time managing the risks for GCASH.
• Conducts research on Emerging Technologies and their evolving threats to be used for the Threat Modeling process.)
• Creates and maintains Fraud and Security Blueprints for emerging and existing technology and information systems.
• Communicate the new Fraud and Security Blueprints to relevant teams/groups pervasively within GCASH.
• Responds to, and investigates, cybersecurity and fraud incidents and provides thorough post-event analyses in collaboration with the ISDP GGSOC team.
• Reviews current system cybersecurity and fraud measures and decides and oversees implementation of enhancements for GCASH.
• Receives escalation from Fraud and Security Consultants handling FSR and assess validity of escalations and assess potential controls to address the escalations.
• Regularly communicates vital information, cybersecurity and fraud management needs and priorities to upper management.

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package

Be #InGoodHands with Metrobank

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach

Position Title:
Security Assurance and Assessment Officer

Job Summary:

• Develop tactical plans and programs for the establishment and maintenance of the Bank's third party information security risk management framework and ensure alignment with the enterprise risk framework
• Performs third party security, system security and information asset based risk assessment. Analyze and review of complex bank processes, application system and network security implementation and third party relationships to identify potential risk including the determination of risk mitigation strategies
• Analysis and review of complex application system and network security implementation on the current production environments to identify potential risk including the determination of risk mitigation strategies
• Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of the information assets, processing facilities and connected services

Role Exposure:

• Prepares tactical plans and/or programs in the conduct of information, third party and system security risk assessments
• Identify the Bank's critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information
• Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data
• Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable
• Analyze and assess the impact of changes in process, technical changes and systems enhancements and third party relationships.
• Reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk
• Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities
• Responsible for coordinating across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment
• Articulate security findings and risk remediation strategies through issuance of risk assessment report. Track and follow-up status of risk mitigation activities
• Ensures security risk register is maintained and kept updated including status of remediation activities
• Executes and monitors accomplishment of the risk assessment plans and programs
• Articulate security findings and risk remediation strategies through issuance of risk assessment report; writing comprehensive, concise and understandable to non-technical
• Tracking and follow up on status of mitigation activities
• Maintain and track library of records and documentation
• Investigation of applicable reported incidents related to information handling and data privacy
• Keep abreast of and apply information, IT and third party security trends and regulatory and compliance changes affecting the security of landscape, security best practices, threat landscape (emerging and existing) and apply them in daily work
• Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them
• Proactively works with the Department Head in implementing programs for the continuous improvement of the bank's information security plans and strategies
• Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head

Qualifications:

• Bachelor's Degree
• Experienced in IT general controls and auditing, preferably strong background on system security risk assessments
• Can perform information security risk-based prioritization decisions, analyze business risk, and can articulate complex business/risk trade-off recommendations and decisions
• Experienced on project security technical review and risk assessment
• Analytical and risk identification skills to analyze a variety of information security –related risk situations and develop recommendations on the best course of action
• Should also be abreast with security best practices and knowledge of common and emerging security threats
• Professional Certification may include CISA, CISM, CRISK, PCI-DSS, ISO-27001 LA or equivalent is an advantage

Other Details:

Rank:
Junior Officer

Unit:
Financial and Control Sector / Information Security Division / Security Quality Assurance and Risk Assessment Department

Location:
Metrobank Center, BGC, Taguig City

Today's world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.

The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape.

Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enables the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives.

The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes.  They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while, simultaneously looking for opportunities to enhance and improve EY's control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles.

The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results.

Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc.

• Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team's charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization.
• Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes.
• Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm.
• Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework.
• Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion.
• Think strategically to assist with the development of a long-term vision for Information Security's Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives.
• Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary.
• Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions.
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
• Outstanding management, interpersonal, communication, organizational, and decision-making skills.
• Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.
• Demonstrate integrity and judgment within a professional environment.
• Evaluate, counsel, mentor and provide feedback on performance of others.
• Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security.

• 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s).
• Audit experience or a demonstrated ability to design and test technology controls.
• 5+ years of experience in managing and mentoring junior and senior level staff.
• Experience leading global and virtual teams.
• High proficiency in technical and general writing skills in English.
• An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis.
• One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT.

• A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX.
• Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI.
• Experience with RSA Archer or other GRC tools.
• Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones.

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here's a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations.

EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Apply now.