162 Security Auditor jobs in the Philippines

Job Brief

The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.

Duties and Responsibilities

• Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
• Perform test of design and operating effectiveness of controls
• Effectively communicate audit results to management
• Work with stakeholders to develop actions plans that address root cause of findings
• Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
• Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
• Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
• Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
• Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.

Minimum Requirements

• Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
• 2-4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
• Must have strong verbal and written communication skills; fluency in English is required
• Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
• Ability to travel up to 30% including international travel (valid passport required)
• Professional certifications (e.g., CIA, CISA, CISSP) are preferred

Avia Solutions Group (ASG) Global Services Philippines
is looking for a
Technical Cyber Security Auditor
for the Group's Digital Technologies Department.

This individual will be responsible for evaluating and assessing the IT infrastructure, systems, and processes of a group's subsidiaries to identify security vulnerabilities, ensure compliance with security policies, and recommend improvements to protect against cyber threats.

ASG Digital Technologies provides services to subsidiary companies related to IT Governance & Management, IT Service Delivery, IT Infrastructure Services, Workplace Support and ServiceDesk, Enterprise Applications (Digital IT Solutions, ERP), and Cybersecurity.

Reporting to ASG Digital Technologies, this position will be based in the ASG Global Services Philippines office in BGC, Taguig City, under a hybrid setup, working in the APAC Time zone.

Responsibilities

• Conducting real-time security monitoring across the group's subsidiaries
• Analyzing cybersecurity events and incidents to identify potential threats
• Managing and resolving security-related tickets
• Overseeing endpoint security
• Handling log management to ensure compliance and security
• Implementing and maintaining vulnerability management practices
• Utilizing penetration testing tools to assess and strengthen system security

Requirements And Skillset

• Minimum of 3-5 years' experience as a Cybersecurity Professional
• Bachelor's degree (or relevant technical certification/education)
• Knowledge of ISO27001, NIS2, NIST 2 and other Regulations
• Proficient in Microsoft Office

The Benefits Of Being Part Of Our Team

• Contribute to meaningful projects that shape the future, allowing you to grow professionally while making a real difference.
• Be part of a collaborative and inclusive environment where your ideas are valued, and innovation takes center stage.
• Benefit from personalized learning pathways, dedicated mentorship, and a clear trajectory for career advancement.
• Enjoy a flexible work culture and comprehensive benefits that support both your personal and professional well-being.
• Your efforts will be celebrated through competitive compensation and employee recognition programs designed to highlight your contributions.

OVERVIEW AND REPORTING RELATIONSHIP

As part of the IS Audit & Compliance team, the IS Security Auditor will work with IS leadership to protect the confidentiality, integrity and availability of patient, employee, and business information in compliance with organization policies and procedures. A primary focus will be working across Tenet and its facilities to evaluate whether risks to the organization are identified and minimized, acceptable internal controls and procedures are followed, resources are used efficiently and economically, and the organization's objectives are effectively achieved. This person will also be called upon to assist management with enterprise risk assessment and annual audit plan development.

REPORTING STRUCTURE & WORK SETTING

Position reports to Manager, IS Audits, as part of within Cybersecurity. This position will be located in Manila, Philippines in our Global Business Center.

OTHER REPRESENTATIVE DUTIES

NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties.

• Evaluates IT general controls (ITGC) including user access, information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
• Completes Financial Reporting Control (SOX) test work and documentation.
• Performs risk-based audits of information systems, operating systems, and operating procedures.
• Assists with audit evaluations to provide reasonable assurance that risk management, control, and governance systems are functioning as intended and can enable the organization to meet its goals and objectives.
• Evaluates automated system controls including authentication and authorization, and other controls to support privacy and security of sensitive data.
• Stays abreast of advances in technology and IT auditing techniques; regularly share knowledge with staff and audit management; effectively interact with various levels of internal management.
• Identifies emerging issues and recommend solutions to IT Audit & Compliance Management. Provides risk assessment input.
• Assists in maintaining documentation of deliverables, current procedures and internal system-specific knowledge.

QUALIFICATIONS:

EDUCATION AND WORK EXPERIENCE

• Bachelor's degree or equivalent work experience required
• 5-7 years of business experience with Big Four audit background preferred
• A minimum of 5 years' experience in a role performing IT audit work
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP) (preferred)
• Certified Information Security Manager (CISM) (preferred)
• Other combinations of education, experience, or training that may be considered in substitution for the minimum requirements

SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:

• Must be fluent in English
• The ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and wrap up audits
• Good working knowledge of SOX, HIPAA and HITECH/ISO principles, concepts and practices
• Strong interpersonal skills and excellent organizational skills
• Self-motivated, able to work in a team and independently
• Detail oriented, able to multitask and meet deadlines
• Advanced knowledge of PowerPoint and Excel
• Visio proficiency in documenting process workflows would be an asset
• Familiarity with audit tools would be considered an asset
• Experience working in cross-departmental teams and leading efforts through collaboration and influence.

OVERVIEW AND REPORTING RELATIONSHIP

As part of the IS Audit & Compliance team, the IS Security Auditor will work with IS leadership to protect the confidentiality, integrity and availability of patient, employee, and business information in compliance with organization policies and procedures. A primary focus will be working across Tenet and its facilities to evaluate whether risks to the organization are identified and minimized, acceptable internal controls and procedures are followed, resources are used efficiently and economically, and the organization's objectives are effectively achieved. This person will also be called upon to assist management with enterprise risk assessment and annual audit plan development.

REPORTING STRUCTURE & WORK SETTING

Position reports to Manager, IS Audits, as part of within Cybersecurity. This position will be located in Manila, Philippines in our Global Business Center.

OTHER REPRESENTATIVE DUTIES

NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties.

• Evaluates IT general controls (ITGC) including user access, information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
• Completes Financial Reporting Control (SOX) test work and documentation.
• Performs risk-based audits of information systems, operating systems, and operating procedures.
• Assists with audit evaluations to provide reasonable assurance that risk management, control, and governance systems are functioning as intended and can enable the organization to meet its goals and objectives.
• Evaluates automated system controls including authentication and authorization, and other controls to support privacy and security of sensitive data.
• Stays abreast of advances in technology and IT auditing techniques; regularly share knowledge with staff and audit management; effectively interact with various levels of internal management.
• Identifies emerging issues and recommend solutions to IT Audit & Compliance Management. Provides risk assessment input.
• Assists in maintaining documentation of deliverables, current procedures and internal system-specific knowledge.

QUALIFICATIONS:

EDUCATION AND WORK EXPERIENCE

• Bachelor's degree or equivalent work experience required
• 5-7 years of business experience with Big Four audit background preferred
• A minimum of 5 years' experience in a role performing IT audit work
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP) (preferred)
• Certified Information Security Manager (CISM) (preferred)
• Other combinations of education, experience, or training that may be considered in substitution for the minimum requirements

SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:

• Must be fluent in English
• The ability to identify/assess business process and IT risks, design appropriate audit steps and plan, execute and wrap up audits
• Good working knowledge of SOX, HIPAA and HITECH/ISO principles, concepts and practices
• Strong interpersonal skills and excellent organizational skills
• Self-motivated, able to work in a team and independently
• Detail oriented, able to multitask and meet deadlines
• Advanced knowledge of PowerPoint and Excel
• Visio proficiency in documenting process workflows would be an asset
• Familiarity with audit tools would be considered an asset
• Experience working in cross-departmental teams and leading efforts through collaboration and influence.

JOB SUMMARY

• Oversee employees, consultant, subsidiaries and vendor's compliance with ISPP

regarding the security of the Bank's information assets;

• Monitor the adequacy and effectiveness of the systems of internal control to ensure

that the systems minimize operations risk and identify exposures while the

consequences are still avoidable;

• Provide effective assessment of risks to ensure the soundness of information

technology; and

• Provide consulting activity to improve the risk management process of the

organization.

JOB DESCRIPTION

• Maintain a good working relationship with unit management and meets with Group

Heads or senior Bank management to explain information pertaining to adequacy,

effectiveness and efficiency of internal control systems to mitigate the risks identified.

• Develop and maintain key relationship with professional associations and /or individuals to exchange information on unusual or emerging technical issues and risk engines.
• Facilitate periodic risk assessment following the ACES and ISRA methodologies of the bank information assets.
• Conduct or review complex or specialized risk assessment of functions, identifies and evaluate risk concerns, recommend mitigating controls and report summary information deficiencies of business and operating units
• Recommends strategies and programs in relation to the Bank's Information Security
• Provide consulting activities to business and operating units on IT risks and information security issues covering Bank's processes, operating policies and procedures.
• Ensure adequacy and relevance of Information Security Policies and Procedures.
• Oversee user's adherence to security policy and report breaches to the appropriate authority
• Develop or enhance the risk assessment program on information security and privacy matter
• Develop and provide continuing education and advisory on information security and privacy matters for Bank personnel
• Participate in the Business Continuity Planning
• Assist in facilitating the vulnerability assessment and penetration testing exercises conducted by third party consultants and monitor resolution.
• Ensure timely resolution of internal and regulatory findings.
• Keep abreast of latest information security and privacy regulations and vulnerabilities and new and emerging security technology
• Prepare, assist and gather information for management or BROC reporting

JOB QUALIFICATION

• At least 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
• Minimum 2 - 3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities.
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Proficiency in risk management methodologies such as ISRA, RCSA, and SASRA, including risk registers and heatmaps.

Collections Officer Responsibilities:

• Aging and credit control monitoring
• Ensure client has adequate notes, paperwork, and collection notes
• High concentration balance confirmations monthly
• Balance confirmations for large dollar value invoices/debtors
• Reworking of invoice batches
• Correct any mismatched debtors, new debtor bonafides, spot check invoices
• Saving copy of invoices and backup paperwork to system where required
• Conduct debtor limit assessments and insurance where required
• Regular contact with debtors and clients
• Coordinate with client's team to produce high quality and timely information

The Client is an Australian national financial institution. You will be handling a portfolio of small clients, with your role focused on doing balance verifications and obtaining supporting paperwork for the larger dollar value/concentration debtors on the portfolio.

Collections Officer Requirements:

• Preferably with Call Center Experience.
• Bachelor's degree in accounting or business management, or a similar field.
• Previous experience working as a Collections Officer.
• Excellent negotiating skills.
• Good written and verbal communication skills.
• Familiarity with state debt collection laws.
• Knowledge of payment plans and accounting procedures.
• Knowledge of office and accounting software.
• Patience and resilience.

Job highlights:

• On-site, office based in Cebu City
• Fixed day shift (morning shift)
• Fixed weekends off
• Shortened probation
• HMO upon regularization
• Up to 2 HMO dependents after 2 years of service
• Company lunches
• Snacks, coffee, and drinks in the pantry
• Access to gym and swimming pool

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

Job Brief

The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.

Duties and Responsibilities

• Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
• Perform test of design and operating effectiveness of controls
• Effectively communicate audit results to management
• Work with stakeholders to develop actions plans that address root cause of findings
• Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
• Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
• Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
• Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
• Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.

Qualifications

Minimum Requirements

• Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
• At least 4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
• Must have strong verbal and written communication skills; fluency in English is required
• Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
• Ability to travel up to 30% including international travel (valid passport required)
• Professional certifications (e.g., CIA, CISA, CISSP) are preferred

Additional Information

About AECOM

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients' complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at

What makes AECOM a great place to work

You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you'll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you've always envisioned. Here, you'll find a welcoming workplace built on respect, collaboration and community - where you have the freedom to grow in a world of opportunity.

As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.

ReqID:
J

Business Line:
Geography OH

Business Group:
DCS

Strategic Business Unit:
GBS

Career Area:
Finance

Work Location Model:
Hybrid

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.