108 IT Security Specialists jobs in the Philippines

_**Qualifications**_
- Bachelor’s degree in Information Technology, Computer Science or any related course
- With a minimum of 1 year related experience
- With Information Security-related trainings, preferably on Data Privacy Act of 2012 (RA 10173)
- Strong analytical, composition, and prioritizing skills
- Detail-oriented and with good organization and coordination skills
- Ability to maintain confidentiality
- Good written and oral communication skills
- **Duties and Responsibilities**_
- Implements security policy/measures and recommends improvements, as necessary
- Coordinates with all departments to ensure conformity to the PSMBFI Data Privacy Manual
- Aids in the conduct of routine review and inspection of security system infrastructure
- Coordinates with the IT department for the analysis of suspected information security breaches, and escalates such to the Head, Information Security Office, as necessary
- Provides administrative assistance in the conduct of periodic data privacy and information security awareness programs such as orientation and information campaigns to employees of the Company
- Assists in the preparation of various communications memoranda and departmental reports
- Receives and records incoming and outgoing communications of the department
- Maintains neat and orderly files of the department and ensures completeness, proper documentation and confidentiality
- Manages office and computer supplies as well as office equipment to ensure availability of resources for use by the department
- Performs tasks as provided for in the updated and approved PSMBFI Operations Manual
- Performs other related functions as directed by superior

**Job Types**: Full-time, Permanent

**Salary**: Php17,000.00 - Php20,000.00 per month

Schedule:

- 8 hour shift
- Monday to Friday

Supplemental Pay:

- 13th month salary
- Overtime pay

Collaborate with different departments in reviewing and adjusting security processes, policies, and standards
- Evaluate and assess security issues, gaps, and risks and recommend/implement necessary change or corrective action processes for continuous improvement
- Provide assistance in auditing and ensuring internal and external compliance with the established security standards
- Assist in generating reports and documentation related to information security and risk management
- Perform client security assessment and privacy security assessment
- Facilitate information security management training and orientation

**Qualifications**:

- Graduate of a Bachelor's/College Degree in Computer Science, Information Technology, or any four-year course
- With at least 3 years of experience in Information Security Management or Information Technology Risk Management
- Being certified in CISM, CISSP, CRISC, etc. is a plus
- Knowledgeable in IT Security and Risk Management Framework (such as COBIT, Risk IT, ISO 27001)
- With excellent verbal and written communication skills

**Benefits**:

- Cash Convertible Leave Credits
- Non-taxable Allowances
- HMO Card
- HMO Card for dependent
- Medical Reimbursement
- Life & Accident Insurance
- Employee Referral Incentives
- Loyalty Incentive
- Government-Mandated Benefits
- Trainings
- Positive Working Environment and Work-Life Balance

**Job Types**: Full-time, Permanent

**Benefits**:

- Additional leave
- Company events
- Flexible schedule
- Free parking
- Health insurance
- Life insurance
- Opportunities for promotion
- Paid training
- Pay raise
- Promotion to permanent employee
- Transportation service provided
- Work from home

Schedule:

- 8 hour shift
- Flexible shift
- Monday to Friday

Supplemental Pay:

- 13th month salary
- Overtime pay
- Performance bonus

Collaborate with different departments in standardizing, developing, reviewing, and adjusting security processes, policies, and standards
- Evaluate and assess security issues, gaps, and risks and recommend/implement necessary change or corrective action processes for continuous improvement
- Audit and ensure internal and external compliance with the established security standards
- Generate reports and documentation related to information security and risk management
- Performing client security assessment and privacy security assessment
- Facilitate information security management training and orientation
- Manage and oversee the Information Security Team

**Qualifications**:

- Graduate of a Bachelor's/College Degree in Computer Science, Information Technology, or any four-year course
- With at least 5 years of experience in Information Security Management or Information Technology Risk Management
- Being certified in CISM, CISSP, CRISC, etc. is a plus
- Knowledgeable in IT Security and Risk Management Framework (such as COBIT, Risk IT, ISO 27001)
- With excellent verbal and written communication skills

**Benefits**:

- Cash Convertible Leave Credits
- Non-taxable Allowances
- HMO Card
- HMO Card for dependent
- Medical Reimbursement
- Life & Accident Insurance
- Employee Referral Incentives
- Loyalty Incentive
- Government-Mandated Benefits
- Trainings
- Positive Working Environment and Work-Life Balance

**Job Types**: Full-time, Permanent

**Benefits**:

- Additional leave
- Company events
- Flexible schedule
- Flextime
- Free parking
- Health insurance
- Life insurance
- Opportunities for promotion
- Paid training
- Pay raise
- Promotion to permanent employee
- Work from home

Schedule:

- 8 hour shift
- Flexible shift
- Monday to Friday

Supplemental Pay:

- 13th month salary
- Performance bonus

Preferably with 2 years experience as information security.
- Excellent verbal, written communication and presentation skills - with experience in writing policies, procedures and manuals.
- Excellent in analytical and problem-solving abilities to identify and fix security risks.
- Applicants must be willing to work in 1174 Sotto Yuvienco Bldg. General Luna St., Paco Manila.

**Responsibilities**:

- Information Security Officer will be under the supervision of the IT Supervisor - help to improve and communicate the maturity levels of information security, state of cybersecurity, Data Privacy and IT risks practices across the company.
- Responsible for planning and implementation of security standards, Cyber Security, Data Protection and Privacy Laws based on ISO 27001.
- Develops and implements an actionable risk assessment program focused on information security and data privacy matters.
- Promote and create staff awareness in information security and data protection topics.
- Support development of policies and procedures for the information security, information technology and data privacy program.

**Job Types**: Full-time, Permanent

**Salary**: Php35,000.00 per month

Schedule:

- Day shift

Supplemental pay types:

- 13th month salary
- Overtime pay

Ability to commute/relocate:

- Manila: Reliably commute or planning to relocate before starting work (required)

Position Overview:
As a Security Architect, you will engage across various domains within information security, focusing on: br>Evaluating and auditing existing security controls and solutions.
Designing and implementing new security measures.
Providing expert counsel within the department and beyond.
Assisting in the design and optimization of our SIEM/MDR solutions.
Conducting risk assessments for infrastructure, applications, and vendors.

Qualifications:
Bachelor's degree in any field; degrees in Information Security, Computer Science, or Software Engineering preferred but not mandatory.
Certifications such as Azure Architect, Azure Security, OSCP, OSEP, CISSP, Security+, ISO 27001, CISM, or CRISC are advantageous but not required.
Excellent English communication skills.
Knowledge in areas such as:
Risk Management
Third-Party Risk Management
Control Management
Security Frameworks (ISO 27001/27002/27005, NIST 800-53, NIST CSF)
Policy and Procedure Development
Infrastructure and Cloud Security (Azure)
MDR/SIEM/Log Analytics
Incident Response
Vulnerability and Penetration Testing
Identity and Access Management (IAM)
Technical Security and Risk Assessments
Disaster Recovery Planning
Willingness to engage with the CISO on professional matters.

Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

Responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. Improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across Entrego.

Key Responsibilities and Duties

Ensure standard parameters of systems and network used by Entrego is within best practices
Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local regulations and standards.
Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions to IT activities.
Proactive identification and mitigation of IT risks as well as responding to observations identified by the third-party auditors while assisting in the development of periodic reports and presenting the level of controls compliance and current IT risk posture.
Assist Entrego with the audits and facilitate management response and remediation efforts.
Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.
Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation. Provide strategic recommendation to key IT projects to help improve project results, quality of deliverables, risk optimizations security processes and compliance with regulations.
Facilitate information security management education and training including user awareness programs. Requirements

Bachelor's degree in computer science or Information management
Experience in risk, compliance, and information security policy
Knowledge of laws and regulations including but not limited to RA10173 or the Data privacy Act of 2012
Experience with development of cybersecurity educational and awareness programs
Excellent organizational and communication skills (both oral and written)
Knowledge of information security processes and controls including risk and control framework.

NIST Frameworks
ITIL v4 best practices
IT security and control best practices
Skills and Certifications that are good to have but not required:
Certification in information security
Advance knowledge in OSI framework

Responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.

**Summary**:

- ***

The Principal Governance, Risk, & Compliance (GRC) Analyst reports directly to the Director of GRC and is responsible for fulfilling and maturing services provided by the GRC team.**Responsibilities**:

- Maintain, and mature GRC services as a primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.)
- Track assigned information security risks through the Risk Management process.
- Perform data quality reviews for GRC process measurement.
- Prepare risk management metrics and reporting.
- Work with Deltek technical and business professionals to determine appropriate risk treatment decisions and plans.
- Utilize governance, risk, and compliance (GRC) tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
- Facilitate gathering, reviewing, and assembling internal and external audit evidence.
- Support projects as assigned to enhance Deltek compliance capabilities.
- Maintain proficiency with applicable laws, regulations, and standards.
- Draft and maintain compliance documents (e.g., policies, standards, procedures, etc.).
- Coordinate the adoption of information security best practices throughout the enterprise.

**Qualifications**

**Requirements**:

- B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred)
- Minimum 3 years of combined experience in Information security, compliance, technology audit, or a related field.
- Experience with NIST SP 800-53, ISO 27001, PCI DSS, or SOC 1/2.
- Strong written and verbal communication skills.
- Experience working in a collaborative team environment.

**Preferences**:

- CISSP, CISA, or other related information security certification desired.
- FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired.
- Experience with software development in a cloud environment desired.

**Travel Requirements**
- 10%

Job Overview: The Chief Information Security Officer works with other executives across different departments to design security systems and assets. The CISO’s main responsibility is creating and implementing an information security program that is designed to protect enterprise communications, systems, and assets from any potential threats. He/She will ensure compliance to legal security practices.Job Description: ● Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk ● Build and inspire a highly skilled and diverse Cybersecurity team. Foster a culture of trusted cross-functional partnership, service, and continuous improvement ● Create quarterly, annual, and long-term cyber security and cyber risk management goals, articulate strategies, define metrics and provide necessary updates to executive leadership ● Partner with leadership for the development, planning, and execution of major security initiatives. Support Secure Software Development Lifecycle ● Collaborate with the SOC team and ISO 27001 Core team to establish appropriate security standards and provide an effective governance structure to ensure cyber compliance and accountability ● Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, ● Identity & Access Management and Privileged User Access to protect customer and employee data ● Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, blockchain, etc. ● Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security problems that might arise from acquisitions or other big business moves ● Other job-related activities may be assigned from time to time.RequirementsRequirements: ● Education – At least graduate with a Bachelor’s Degree in IT, Computer Science, Engineering, or any related course. ● Related Work Experience - Key Industry certifications in Information Security, such as CISSP, CISM and CISA ● Knowledge – Knowledgeable in security and operations processes. ● 15+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base ● 7+ years people management experience with hands-on experience building diverse teams while promoting an inclusive organization ● A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies ● A strong understanding of Cloud Security Mode and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation ● Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making by Executive Management and the Board ● Ability to understand not only emerging industry trends as far as cyber security is concerned but also the landscape of emerging threats, making appropriate adjustments within the cybersecurity program