20 Security Expert jobs in the Philippines
Information Security Analyst II
Manila, Metropolitan Manila
RELX INC
Posted 20 days ago
Job Viewed
Job Description
Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.
This advertiser has chosen not to accept applicants from your region.
0
Information Security Auditor
AECOM
Posted 4 days ago
Job Viewed
Job Description
**Company Description**
**Work with Us. Change the World.**
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
**Job Description**
**Job Brief**
The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.
**Duties and Responsibilities**
+ Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
+ Perform test of design and operating effectiveness of controls
+ Effectively communicate audit results to management
+ Work with stakeholders to develop actions plans that address root cause of findings
+ Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
+ Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
+ Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
+ Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
+ Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.
**Qualifications**
**Minimum Requirements**
+ Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
+ 2-4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
+ Must have strong verbal and written communication skills; fluency in English is required
+ Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
+ Ability to travel up to 30% including international travel (valid passport required)
+ Professional certifications (e.g., CIA, CISA, CISSP) are preferred
**Additional Information**
Shift schedule: Morning shift (9AM to 6PM)
**About AECOM**
AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.
AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients' complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.
**What makes AECOM a great place to work**
You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you'll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you've always envisioned. Here, you'll find a welcoming workplace built on respect, collaboration and community - where you have the freedom to grow in a world of opportunity.
As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.
**ReqID:** J10134928
**Business Line:** Geography OH
**Business Group:** DCS
**Strategic Business Unit:** GBS
**Career Area:** Finance
**Work Location Model:** Hybrid
**Legal Entity:** AECOM Global Business Services - Philippines ROHQ
**Work with Us. Change the World.**
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
**Job Description**
**Job Brief**
The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.
**Duties and Responsibilities**
+ Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
+ Perform test of design and operating effectiveness of controls
+ Effectively communicate audit results to management
+ Work with stakeholders to develop actions plans that address root cause of findings
+ Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
+ Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
+ Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
+ Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
+ Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.
**Qualifications**
**Minimum Requirements**
+ Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
+ 2-4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
+ Must have strong verbal and written communication skills; fluency in English is required
+ Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
+ Ability to travel up to 30% including international travel (valid passport required)
+ Professional certifications (e.g., CIA, CISA, CISSP) are preferred
**Additional Information**
Shift schedule: Morning shift (9AM to 6PM)
**About AECOM**
AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.
AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients' complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at aecom.com.
**What makes AECOM a great place to work**
You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you'll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you've always envisioned. Here, you'll find a welcoming workplace built on respect, collaboration and community - where you have the freedom to grow in a world of opportunity.
As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.
**ReqID:** J10134928
**Business Line:** Geography OH
**Business Group:** DCS
**Strategic Business Unit:** GBS
**Career Area:** Finance
**Work Location Model:** Hybrid
**Legal Entity:** AECOM Global Business Services - Philippines ROHQ
This advertiser has chosen not to accept applicants from your region.
1
Information Security Architect (Hybrid)
Blaseek
Posted 7 days ago
Job Viewed
Job Description
Position Overview:
As a Security Architect, you will engage across various domains within information security, focusing on: br>Evaluating and auditing existing security controls and solutions.
Designing and implementing new security measures.
Providing expert counsel within the department and beyond.
Assisting in the design and optimization of our SIEM/MDR solutions.
Conducting risk assessments for infrastructure, applications, and vendors.
Qualifications:
Bachelor's degree in any field; degrees in Information Security, Computer Science, or Software Engineering preferred but not mandatory.
Certifications such as Azure Architect, Azure Security, OSCP, OSEP, CISSP, Security+, ISO 27001, CISM, or CRISC are advantageous but not required.
Excellent English communication skills.
Knowledge in areas such as:
Risk Management
Third-Party Risk Management
Control Management
Security Frameworks (ISO 27001/27002/27005, NIST 800-53, NIST CSF)
Policy and Procedure Development
Infrastructure and Cloud Security (Azure)
MDR/SIEM/Log Analytics
Incident Response
Vulnerability and Penetration Testing
Identity and Access Management (IAM)
Technical Security and Risk Assessments
Disaster Recovery Planning
Willingness to engage with the CISO on professional matters.
As a Security Architect, you will engage across various domains within information security, focusing on: br>Evaluating and auditing existing security controls and solutions.
Designing and implementing new security measures.
Providing expert counsel within the department and beyond.
Assisting in the design and optimization of our SIEM/MDR solutions.
Conducting risk assessments for infrastructure, applications, and vendors.
Qualifications:
Bachelor's degree in any field; degrees in Information Security, Computer Science, or Software Engineering preferred but not mandatory.
Certifications such as Azure Architect, Azure Security, OSCP, OSEP, CISSP, Security+, ISO 27001, CISM, or CRISC are advantageous but not required.
Excellent English communication skills.
Knowledge in areas such as:
Risk Management
Third-Party Risk Management
Control Management
Security Frameworks (ISO 27001/27002/27005, NIST 800-53, NIST CSF)
Policy and Procedure Development
Infrastructure and Cloud Security (Azure)
MDR/SIEM/Log Analytics
Incident Response
Vulnerability and Penetration Testing
Identity and Access Management (IAM)
Technical Security and Risk Assessments
Disaster Recovery Planning
Willingness to engage with the CISO on professional matters.
This advertiser has chosen not to accept applicants from your region.
2
Chief Information Security Officer (CISO)
1631 Taguig, National Capital Region
Career Connect
Posted 15 days ago
Job Viewed
Job Description
Job Overview: The Chief Information Security Officer works with other executives across different departments to design security systems and assets. The CISO’s main responsibility is creating and implementing an information security program that is designed to protect enterprise communications, systems, and assets from any potential threats. He/She will ensure compliance to legal security practices.Job Description: ● Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk ● Build and inspire a highly skilled and diverse Cybersecurity team. Foster a culture of trusted cross-functional partnership, service, and continuous improvement ● Create quarterly, annual, and long-term cyber security and cyber risk management goals, articulate strategies, define metrics and provide necessary updates to executive leadership ● Partner with leadership for the development, planning, and execution of major security initiatives. Support Secure Software Development Lifecycle ● Collaborate with the SOC team and ISO 27001 Core team to establish appropriate security standards and provide an effective governance structure to ensure cyber compliance and accountability ● Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, ● Identity & Access Management and Privileged User Access to protect customer and employee data ● Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, blockchain, etc. ● Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security problems that might arise from acquisitions or other big business moves ● Other job-related activities may be assigned from time to time.RequirementsRequirements: ● Education – At least graduate with a Bachelor’s Degree in IT, Computer Science, Engineering, or any related course. ● Related Work Experience - Key Industry certifications in Information Security, such as CISSP, CISM and CISA ● Knowledge – Knowledgeable in security and operations processes. ● 15+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base ● 7+ years people management experience with hands-on experience building diverse teams while promoting an inclusive organization ● A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies ● A strong understanding of Cloud Security Mode and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation ● Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making by Executive Management and the Board ● Ability to understand not only emerging industry trends as far as cyber security is concerned but also the landscape of emerging threats, making appropriate adjustments within the cybersecurity program
This advertiser has chosen not to accept applicants from your region.
3
Cyber Security Analyst 1 (Onsite)
Pampanga, Pampanga
Seidotech Solutions Corp.
Posted 23 days ago
Job Viewed
Job Description
About the role: As a Cyber Security Analyst – Tier 1 in the Security Operations Center (SOC), you will be the first responder for business-impacting cyber security incidents that arise in our customers' environments. Fast, effective, and courteous service is the lifeblood of our organization, and this position requires nothing less. Your technical acumen will be challenged daily. Quick thinkers who can make decisions on their feet will be successful in this job.
br>What You’ll Do: < r>- Monitor cyber security tools to identify, triage, and report security incidents to customers.
- Leverage available cyber security capabilities to contain security incidents to prevent the lateral spread of malware or lateral movement of attackers.
- Conduct cyber security investigations to identify and rule out false positive security incidents.
- Provide additional cyber security investigatory support to customers as needed.
- Work with a team of like-minded professionals to monitor customer ticket queues and triage tickets that need immediate attention. We service customers as small as 10 users, up to multi-national enterprises.
- Follow pre-defined playbooks and runbooks and collaborate with other technical resources, where appropriate.
- Monitor and process event tickets on a prioritized basis as to the customer impact and urgency of these events.
- Remain cognizant of customer service-level agreements, and strive to meet or exceed them on a regular basis.
- Participate in Incident Management by providing situational reports (sitreps) via ticket updates and/or customer-facing communications.
- Provide first level technical resolution for cyber security incidents.
- Collaborate with our Network Operations Center (NOC) as needed, to document incidents, maintenance, and problems.
- Utilize various systems management tools to monitor availability, reliability, and performance of customer environments.
- Demonstrate problem solving skills that contribute towards the resolution of any issues that arise.
- Quickly assess an issue and form an understanding of the likely root cause in unfamiliar technical environments and technologies.
- Investigate, resolve, and/or escalate matters of significance pertaining to customer alerts and events.
- Document solutions, processes, procedures and present them in writing, verbally on the phone or in-person.
- Commit to professional growth and development by maintaining and/or obtaining new industry specific certifications.
What Skills & Experience You’ll Need: < r>- Experience with monitoring and using a SIEM
Azure Sentinel preferred (Splunk, Elastic, QRadar are nice to have)
- Experience supporting and administering the following is highly desired:
> Crowdstrike (or a similar nextgen endpoint solution)
> Azure or AWS cloud environments, including compute, storage, networking basics, and backups.
> Microsoft O365
> Windows Server OS: Windows 2012 through Windows 2019, including ADDS, DNS, DHCP, DFS, file/print services, PowerShell basics.
- Networking Basics (CompTIA Network+ equivalent).
- At least one of the following industry certifications highly desired: Security+, Network+, CEH, GCIH.
- A curious disposition.
- Strong documentation, reporting, analytical and problem-solving skills.
- The ability to effectively engage in customer-facing communications.
Preferred Qualifications:
- Experience with any of the following tools: Kaseya VSA, Auvik.
- Experience working in IT enterprises that use industry frameworks such as ITIL, COBIT, or MOF.
br>What You’ll Do: < r>- Monitor cyber security tools to identify, triage, and report security incidents to customers.
- Leverage available cyber security capabilities to contain security incidents to prevent the lateral spread of malware or lateral movement of attackers.
- Conduct cyber security investigations to identify and rule out false positive security incidents.
- Provide additional cyber security investigatory support to customers as needed.
- Work with a team of like-minded professionals to monitor customer ticket queues and triage tickets that need immediate attention. We service customers as small as 10 users, up to multi-national enterprises.
- Follow pre-defined playbooks and runbooks and collaborate with other technical resources, where appropriate.
- Monitor and process event tickets on a prioritized basis as to the customer impact and urgency of these events.
- Remain cognizant of customer service-level agreements, and strive to meet or exceed them on a regular basis.
- Participate in Incident Management by providing situational reports (sitreps) via ticket updates and/or customer-facing communications.
- Provide first level technical resolution for cyber security incidents.
- Collaborate with our Network Operations Center (NOC) as needed, to document incidents, maintenance, and problems.
- Utilize various systems management tools to monitor availability, reliability, and performance of customer environments.
- Demonstrate problem solving skills that contribute towards the resolution of any issues that arise.
- Quickly assess an issue and form an understanding of the likely root cause in unfamiliar technical environments and technologies.
- Investigate, resolve, and/or escalate matters of significance pertaining to customer alerts and events.
- Document solutions, processes, procedures and present them in writing, verbally on the phone or in-person.
- Commit to professional growth and development by maintaining and/or obtaining new industry specific certifications.
What Skills & Experience You’ll Need: < r>- Experience with monitoring and using a SIEM
Azure Sentinel preferred (Splunk, Elastic, QRadar are nice to have)
- Experience supporting and administering the following is highly desired:
> Crowdstrike (or a similar nextgen endpoint solution)
> Azure or AWS cloud environments, including compute, storage, networking basics, and backups.
> Microsoft O365
> Windows Server OS: Windows 2012 through Windows 2019, including ADDS, DNS, DHCP, DFS, file/print services, PowerShell basics.
- Networking Basics (CompTIA Network+ equivalent).
- At least one of the following industry certifications highly desired: Security+, Network+, CEH, GCIH.
- A curious disposition.
- Strong documentation, reporting, analytical and problem-solving skills.
- The ability to effectively engage in customer-facing communications.
Preferred Qualifications:
- Experience with any of the following tools: Kaseya VSA, Auvik.
- Experience working in IT enterprises that use industry frameworks such as ITIL, COBIT, or MOF.
This advertiser has chosen not to accept applicants from your region.
4
Technical Security & Compliance Analyst
EFlexervices
Posted 7 days ago
Job Viewed
Job Description
Who we are:
br>eFlexervices is a BPO company with a legacy spanning 24 years. We've honed our craft in providing exceptional quality and building unshakable trust. At eFlex, we're not just a BPO company – we're your partners in success. Our approach is all about finding the perfect match between talent and the organizations we support. We're not just investing in our work; we're investing in people, optimizing performance, and maximizing efficiency. We are all about exceptional quality and unwavering trust. < r>
What we are looking for:
Are you ready to take your expertise to the next level? At eFlexervices, we're not just hiring a Technical Security & Compliance Analyst – we're empowering your talent to deliver quality and performance. Join us in shaping the success and making an impact that truly matters. < r>
The Technical Security & Compliance Analyst is a critical role focused on maintaining and enhancing an organization's security posture and regulatory adherence by managing technical and operational compliance activities for standards like SOC 2, ISO 27001, HIPAA, and GDPR. This involves the meticulous implementation, continuous monitoring, and thorough documentation of technical controls to protect sensitive data and systems, with all findings recorded in a compliance automation platform. The role demands a deep understanding of security frameworks, regulatory requirements, and technical infrastructure, serving as a vital link between technical and audit teams to mitigate risks, ensure data privacy, and uphold the organization's commitment to security and compliance.
What you’ll be doing: < r>
Operate and maintain the compliance automation tool (e.g., Vanta, Scytale, Secureframe).
Ensure device compliance (encryption, antivirus, MDM policies) across all endpoints.
Conduct periodic access reviews and enforce MFA.
Perform regular vulnerability scans and coordinate remediation with IT/dev teams.
Maintain secure configurations for cloud infrastructure.
Collect and upload technical evidence for audits.
Assist with incident detection, investigation, and response.
Collaborate with internal teams to close compliance gaps.
Qualifications and Requirements:
Bachelor’s degree in IT, Computer Science, Cybersecurity or related field. < r>2+ years in IT security, compliance, or systems administration.
Relevant security certifications such as Security+, CISA, CRISC, CISM, CISSP
Familiarity with SOC 2, ISO 27001, HIPAA, and GDPR preferred.
Experience with compliance or GRC tools is a plus.
Strong knowledge of endpoint, network, and cloud security.
Highly organized with strong attention to detail.
Proactive problem solver who can work independently.
Strong analytical and problem-solving skills
Benefits and Perks:
At eFlex, we're not just a workplace – we're a community of playmakers, committed to fostering growth, learning, and personal connections. Here's what's in store for you: < r>
Living Our Values: We don't just talk the talk; we walk the walk. From learning and personal growth to caring deeply about our team and clients, our values are the compass guiding our vibrant workplace.
Competitive Compensation: Your hard work deserves recognition. Enjoy a competitive salary and benefits package, including comprehensive HMO coverage and optical reimbursements.
Flexible Work Options: Work your way! If you're outside Baguio City, embrace a permanent work-from-home setup. For those within Baguio, our hybrid work model offers the best of both worlds.
Wellness Matters: Recharge and refresh! Our flexible vacation and sick leaves empower you to prioritize your well-being, ensuring a healthy work-life balance.
Pathways to Success: Your journey with us is brimming with growth opportunities. We're dedicated to nurturing your career and supporting your rise through the ranks.
Ready to embark on an enriching journey? Join the eFlex family and experience a workplace that values your individuality and success. Let's thrive together!
br>eFlexervices is a BPO company with a legacy spanning 24 years. We've honed our craft in providing exceptional quality and building unshakable trust. At eFlex, we're not just a BPO company – we're your partners in success. Our approach is all about finding the perfect match between talent and the organizations we support. We're not just investing in our work; we're investing in people, optimizing performance, and maximizing efficiency. We are all about exceptional quality and unwavering trust. < r>
What we are looking for:
Are you ready to take your expertise to the next level? At eFlexervices, we're not just hiring a Technical Security & Compliance Analyst – we're empowering your talent to deliver quality and performance. Join us in shaping the success and making an impact that truly matters. < r>
The Technical Security & Compliance Analyst is a critical role focused on maintaining and enhancing an organization's security posture and regulatory adherence by managing technical and operational compliance activities for standards like SOC 2, ISO 27001, HIPAA, and GDPR. This involves the meticulous implementation, continuous monitoring, and thorough documentation of technical controls to protect sensitive data and systems, with all findings recorded in a compliance automation platform. The role demands a deep understanding of security frameworks, regulatory requirements, and technical infrastructure, serving as a vital link between technical and audit teams to mitigate risks, ensure data privacy, and uphold the organization's commitment to security and compliance.
What you’ll be doing: < r>
Operate and maintain the compliance automation tool (e.g., Vanta, Scytale, Secureframe).
Ensure device compliance (encryption, antivirus, MDM policies) across all endpoints.
Conduct periodic access reviews and enforce MFA.
Perform regular vulnerability scans and coordinate remediation with IT/dev teams.
Maintain secure configurations for cloud infrastructure.
Collect and upload technical evidence for audits.
Assist with incident detection, investigation, and response.
Collaborate with internal teams to close compliance gaps.
Qualifications and Requirements:
Bachelor’s degree in IT, Computer Science, Cybersecurity or related field. < r>2+ years in IT security, compliance, or systems administration.
Relevant security certifications such as Security+, CISA, CRISC, CISM, CISSP
Familiarity with SOC 2, ISO 27001, HIPAA, and GDPR preferred.
Experience with compliance or GRC tools is a plus.
Strong knowledge of endpoint, network, and cloud security.
Highly organized with strong attention to detail.
Proactive problem solver who can work independently.
Strong analytical and problem-solving skills
Benefits and Perks:
At eFlex, we're not just a workplace – we're a community of playmakers, committed to fostering growth, learning, and personal connections. Here's what's in store for you: < r>
Living Our Values: We don't just talk the talk; we walk the walk. From learning and personal growth to caring deeply about our team and clients, our values are the compass guiding our vibrant workplace.
Competitive Compensation: Your hard work deserves recognition. Enjoy a competitive salary and benefits package, including comprehensive HMO coverage and optical reimbursements.
Flexible Work Options: Work your way! If you're outside Baguio City, embrace a permanent work-from-home setup. For those within Baguio, our hybrid work model offers the best of both worlds.
Wellness Matters: Recharge and refresh! Our flexible vacation and sick leaves empower you to prioritize your well-being, ensuring a healthy work-life balance.
Pathways to Success: Your journey with us is brimming with growth opportunities. We're dedicated to nurturing your career and supporting your rise through the ranks.
Ready to embark on an enriching journey? Join the eFlex family and experience a workplace that values your individuality and success. Let's thrive together!
This advertiser has chosen not to accept applicants from your region.
5
Principal Security Compliance Analyst
Makati, National Capital Region
opentext
Posted today
Job Viewed
Job Description
**OPENTEXT - THE INFORMATION COMPANY**
As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.
**Principal Security Compliance Analyst**
**Opentext - The Information Company**
As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.
**The Opportunity**
The Principal Security Compliance Analyst will have the opportunity to impact meaningfully contribute to the OpenText Compliance Program in accordance with ISO 27001, PCI-DSS, SOC1/2, HIPAA, SOC2+HITRUST, SWIFT, Cyber Essentials+ and FedRAMP. The Principal Security Compliance Analyst plays a key role in the continued development and maturity of an ever-growing Security Compliance Program that supports the delivery of compliance certifications to support customer security requirements. In this role, you will be involved in leading and sustaining the various compliance programs by working collaboratively with internal teams, SMEs, external customers, vendors, auditors and other stakeholders.
**You Are Great At**
- Setting strategic direction for audit readiness, managing compliance programs, driving continuous improvement activities, delivering dashboarding & reporting metrics.
- Effectively communicating compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers and senior leaders.
- Coordinating the overarching annual audit plan with internal and external auditors to support delivery of multiple, simultaneous audits and certifications (both new and existing) within the Open Text portfolio
- Supporting delivery of audit milestones to ensure audit timelines stay on target by proactively identifying and coordination resolution of roadblocks, compliance risk.
- Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution.
- Participating in, or potentially leading, gap assessment, compliance readiness, and compliance monitoring activities.
- Developing metrics and dashboards for reporting on assigned compliance programs
**What It Takes**
- 7+ years of experience in IT audit and/or compliance, with a concentration on leading multiple, simultaneous audit engagements for a Cloud Service Provider, encompassing multiple frameworks
- Detailed understanding of evaluating the design and effectiveness of controls and experience working with auditors/regulators for compliance assessments
- Experience leading preparation for and/or managing assessment activities (SOC 2, ISO 27001, PCI DSS, HIPAA/HITRUST, SOX, SWIFT, FedRAMP etc.) for assigned cloud services through assessment planning, assessment fieldwork, and final report delivery
- Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
- Strong experience planning and overseeing projects to ensure they are completed in a timely fashion
- Ability to effectively communicate risks and issues and provide regular reporting on project status.
- Experience with GRC Tools & Compliance Automation is a plus.
- Strong technical, analytical, interpersonal, communication and writing skills.
- Effective team collaboration plus the ability to coach and mentor others.
- Strong personal characteristics as demonstrated by the following: Owners mindset, achievement-oriented, self-controlled, self-confident, flexible, approachable, and dedicated.
- Required industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor) or equivalent
- Bachelor’s Degree in Information Technology, Business, or related vocations.
**Global Job Posting Footers**:
- Subject to applicable laws and regulations, OpenText’s global vaccination policy requires all employees to be fully vaccinated against COVID-19 to enter an OpenText office. Accommodations may be available for specific roles.
At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.
Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.
As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.
**Principal Security Compliance Analyst**
**Opentext - The Information Company**
As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.
**The Opportunity**
The Principal Security Compliance Analyst will have the opportunity to impact meaningfully contribute to the OpenText Compliance Program in accordance with ISO 27001, PCI-DSS, SOC1/2, HIPAA, SOC2+HITRUST, SWIFT, Cyber Essentials+ and FedRAMP. The Principal Security Compliance Analyst plays a key role in the continued development and maturity of an ever-growing Security Compliance Program that supports the delivery of compliance certifications to support customer security requirements. In this role, you will be involved in leading and sustaining the various compliance programs by working collaboratively with internal teams, SMEs, external customers, vendors, auditors and other stakeholders.
**You Are Great At**
- Setting strategic direction for audit readiness, managing compliance programs, driving continuous improvement activities, delivering dashboarding & reporting metrics.
- Effectively communicating compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers and senior leaders.
- Coordinating the overarching annual audit plan with internal and external auditors to support delivery of multiple, simultaneous audits and certifications (both new and existing) within the Open Text portfolio
- Supporting delivery of audit milestones to ensure audit timelines stay on target by proactively identifying and coordination resolution of roadblocks, compliance risk.
- Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution.
- Participating in, or potentially leading, gap assessment, compliance readiness, and compliance monitoring activities.
- Developing metrics and dashboards for reporting on assigned compliance programs
**What It Takes**
- 7+ years of experience in IT audit and/or compliance, with a concentration on leading multiple, simultaneous audit engagements for a Cloud Service Provider, encompassing multiple frameworks
- Detailed understanding of evaluating the design and effectiveness of controls and experience working with auditors/regulators for compliance assessments
- Experience leading preparation for and/or managing assessment activities (SOC 2, ISO 27001, PCI DSS, HIPAA/HITRUST, SOX, SWIFT, FedRAMP etc.) for assigned cloud services through assessment planning, assessment fieldwork, and final report delivery
- Experience building certification roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule.
- Strong experience planning and overseeing projects to ensure they are completed in a timely fashion
- Ability to effectively communicate risks and issues and provide regular reporting on project status.
- Experience with GRC Tools & Compliance Automation is a plus.
- Strong technical, analytical, interpersonal, communication and writing skills.
- Effective team collaboration plus the ability to coach and mentor others.
- Strong personal characteristics as demonstrated by the following: Owners mindset, achievement-oriented, self-controlled, self-confident, flexible, approachable, and dedicated.
- Required industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor) or equivalent
- Bachelor’s Degree in Information Technology, Business, or related vocations.
**Global Job Posting Footers**:
- Subject to applicable laws and regulations, OpenText’s global vaccination policy requires all employees to be fully vaccinated against COVID-19 to enter an OpenText office. Accommodations may be available for specific roles.
At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.
Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.
This advertiser has chosen not to accept applicants from your region.
Be The First To Know
About the latest Security expert Jobs in Philippines !
6
Security Consultant - Endpoint Security
IBM
Posted today
Job Viewed
Job Description
**Introduction**
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
**Your role and responsibilities**
A Security Consultant is a cybersecurity professional responsible for safeguarding an organization's computer systems, endpoints, and sensitive data against cyber threats. They play a critical role in maintaining the confidentiality, integrity, and availability of organizational information by implementing and managing robust endpoint security and data protection solutions. This role ensures that security incidents are detected, prevented, and swiftly responded to maintaining the organization's cybersecurity posture and ensuring compliance with internal and regulatory data protection requirements.
Endpoint Security & DLP Management
* Design, implement, and manage endpoint security and Data Loss Prevention (DLP) solutions (e.g., Forcepoint, Symantec DLP, Microsoft Purview).
* Configure DLP policies to monitor and prevent unauthorized data access, transfer, or exfiltration across all endpoints.
* Perform continuous monitoring and tuning of DLP alerts and endpoint agents to ensure policy enforcement and coverage.
* Collaborate with infrastructure, application, and business teams to align endpoint and DLP policies with operational and compliance requirements.
* Ensure endpoint protection tools (AV, EDR, DLP) are properly deployed, updated, and aligned with security standards and best practices.
Incident Response and Security Assessments
* Respond to DLP-related incidents and support investigations, containment, and remediation activities
* Conduct regular endpoint and DLP control assessments, identifying gaps and providing mitigation recommendations.
* Monitor data usage and movement to detect anomalies, enforce data classification policies, and prevent policy violations.
* Support compliance teams in audit preparations and evidence gathering related to endpoint and data protection.
* Document incidents and provide technical input into root cause analysis and lessons learned exercises.
Security Excellence & Best Practices
* Stay informed on emerging endpoint and data protection threats, tools, and tactics to enhance technical defense strategies.
* Evaluate new security solutions, recommend enhancements to existing DLP and endpoint protection platforms.
* Develop and maintain security documentation, including standard operating procedures, configuration baselines, and knowledge articles.
* Conduct awareness sessions for users on endpoint hygiene, data security policies, and DLP best practices.
**Required technical and professional expertise**
* Experience with endpoint and DLP tools such as CrowdStrike, Trend Micro, Forcepoint DLP, Symantec DLP, or Microsoft Purview.
* Solid understanding of Windows, MacOS, and Linux operating systems and endpoint configurations.
* Working knowledge of data protection controls, threat detection, and incident response processes.
* Familiarity with security event triage and root cause analysis related to data protection incidents.
**Preferred technical and professional experience**
* Hands-on experience managing enterprise-grade DLP policies and alerts across various data channels (endpoints, email, cloud, etc.).
* Exposure to regulatory requirements and compliance frameworks (PDPA, GDPR, HIPAA, NIST, ISO 27001).
* Experience working in regulated industries such as financial services, healthcare, or telecom.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
**Your role and responsibilities**
A Security Consultant is a cybersecurity professional responsible for safeguarding an organization's computer systems, endpoints, and sensitive data against cyber threats. They play a critical role in maintaining the confidentiality, integrity, and availability of organizational information by implementing and managing robust endpoint security and data protection solutions. This role ensures that security incidents are detected, prevented, and swiftly responded to maintaining the organization's cybersecurity posture and ensuring compliance with internal and regulatory data protection requirements.
Endpoint Security & DLP Management
* Design, implement, and manage endpoint security and Data Loss Prevention (DLP) solutions (e.g., Forcepoint, Symantec DLP, Microsoft Purview).
* Configure DLP policies to monitor and prevent unauthorized data access, transfer, or exfiltration across all endpoints.
* Perform continuous monitoring and tuning of DLP alerts and endpoint agents to ensure policy enforcement and coverage.
* Collaborate with infrastructure, application, and business teams to align endpoint and DLP policies with operational and compliance requirements.
* Ensure endpoint protection tools (AV, EDR, DLP) are properly deployed, updated, and aligned with security standards and best practices.
Incident Response and Security Assessments
* Respond to DLP-related incidents and support investigations, containment, and remediation activities
* Conduct regular endpoint and DLP control assessments, identifying gaps and providing mitigation recommendations.
* Monitor data usage and movement to detect anomalies, enforce data classification policies, and prevent policy violations.
* Support compliance teams in audit preparations and evidence gathering related to endpoint and data protection.
* Document incidents and provide technical input into root cause analysis and lessons learned exercises.
Security Excellence & Best Practices
* Stay informed on emerging endpoint and data protection threats, tools, and tactics to enhance technical defense strategies.
* Evaluate new security solutions, recommend enhancements to existing DLP and endpoint protection platforms.
* Develop and maintain security documentation, including standard operating procedures, configuration baselines, and knowledge articles.
* Conduct awareness sessions for users on endpoint hygiene, data security policies, and DLP best practices.
**Required technical and professional expertise**
* Experience with endpoint and DLP tools such as CrowdStrike, Trend Micro, Forcepoint DLP, Symantec DLP, or Microsoft Purview.
* Solid understanding of Windows, MacOS, and Linux operating systems and endpoint configurations.
* Working knowledge of data protection controls, threat detection, and incident response processes.
* Familiarity with security event triage and root cause analysis related to data protection incidents.
**Preferred technical and professional experience**
* Hands-on experience managing enterprise-grade DLP policies and alerts across various data channels (endpoints, email, cloud, etc.).
* Exposure to regulatory requirements and compliance frameworks (PDPA, GDPR, HIPAA, NIST, ISO 27001).
* Experience working in regulated industries such as financial services, healthcare, or telecom.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
This advertiser has chosen not to accept applicants from your region.
7
Cloud Security Consultant
IBM
Posted 3 days ago
Job Viewed
Job Description
**Introduction**
We are seeking a highly skilled and experienced Cloud Security Consultant who will be responsible for the governance, strategy, and advisory aspects of cloud security. The individual will drive the adoption and continuous improvement of the Cloud Security Framework while overseeing the effective use of CSPM, CWP, and SSPM platforms across AWS, Azure, and GCP.
**Your role and responsibilities**
As a Cloud Security Consultant you will play a crucial role in strategic security planning, ensuring compliance with industry regulations and frameworks, and driving continuous improvement through automation and orchestration.This encompasses managing key performance indicators (KPIs), conducting regular security exercises, and collaborating effectively with other IT and security teams to enhance overall security monitoring and response capabilities. The ideal candidate will possess a deep understanding of current and emerging cyber threats and a proven ability to lead and motivate a team in a fast-paced, high-pressure environment.
Your primary responsibilities include:
Cloud Security Management and Compliance: Define, maintain, and enhance the organization's Cloud Security Framework in alignment with regulatory (e.g., BSP, DPA) and industry (e.g., NIST, CSA) standards. Provide cloud security governance across multi-cloud platforms (AWS, Azure, GCP). Oversee baseline and periodic posture assessments and trend analysis reporting. Oversee compliance reporting activities aligned with regulatory frameworks (PCI DSS, GDPR, NIST, CIS).
Cloud Security Optimization: Lead the development, tuning, and optimization of Prisma Cloud CSPM policies for AWS, Azure, and GCP. Lead onboarding and security posture policy configuration of the SSPM platform for key SaaS apps.
Threat Intelligence and Continuous Improvement: Design detection strategies and RQL-based investigation playbooks. Oversee CWPP alert tuning and ensure alignment with the client's governance protocols. Define and regularly tune posture rules and detection logic based on evolving threats. Continuously assess policy relevance against service updates and compliance mandates.
Cross-Team Collaboration: Collaborate with engineering, SOC, and risk/compliance teams to ensure policy enforcement and incident response readiness. Provide technical guidance to engineers conducting audit log analysis, threat hunts, and RCA activities.
Incident Management and Communication: Track and report on key cloud security KPIs, metrics, and control effectiveness. Review and refine policies, standards, SOPs, and guidelines related to cloud operations. Lead knowledge transfer sessions.
**Required technical and professional expertise**
Technical Requirements:
* More than 5 years in cloud security consulting, architecture, or posture management.
* Proven and extensive experience with Prisma Cloud (CSPM/CWPP) and SSPM platforms.
* Hands-on experience integrating alerts into SIEM/SOAR tools like Google SecOps.
* Familiar with cloud-native and hybrid environment architecture in AWS, Azure, or GCP
* Familiar with compliance frameworks: NIST CSF, CIS, GDPR, PCI DSS.
* Experience integrating alerts and posture signals into SIEM/ITSM (e.g., Chronicle, Splunk, ServiceNow)
Soft Skills:
* Strong analytical and problem-solving abilities with keen attention to detail.
* Excellent communication and collaboration skills, with the ability to interact effectively with stakeholders at all levels.
* Capable of managing multiple priorities in a fast-paced, dynamic environment.
**Preferred technical and professional experience**
Certifications: CCSP, GCSA, CISSP, CRISC, CISA, AWS/Azure/GCP Security Specialty ( or any cloud platform-specific certs), Prisma Cloud Certification (e.g., Palo Alto Networks Certified Cloud Security Engineer-PCCSE), Google Cybersecurity Professional Certificate or SIEM-specific trainings (e.g., Chronicle)
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
We are seeking a highly skilled and experienced Cloud Security Consultant who will be responsible for the governance, strategy, and advisory aspects of cloud security. The individual will drive the adoption and continuous improvement of the Cloud Security Framework while overseeing the effective use of CSPM, CWP, and SSPM platforms across AWS, Azure, and GCP.
**Your role and responsibilities**
As a Cloud Security Consultant you will play a crucial role in strategic security planning, ensuring compliance with industry regulations and frameworks, and driving continuous improvement through automation and orchestration.This encompasses managing key performance indicators (KPIs), conducting regular security exercises, and collaborating effectively with other IT and security teams to enhance overall security monitoring and response capabilities. The ideal candidate will possess a deep understanding of current and emerging cyber threats and a proven ability to lead and motivate a team in a fast-paced, high-pressure environment.
Your primary responsibilities include:
Cloud Security Management and Compliance: Define, maintain, and enhance the organization's Cloud Security Framework in alignment with regulatory (e.g., BSP, DPA) and industry (e.g., NIST, CSA) standards. Provide cloud security governance across multi-cloud platforms (AWS, Azure, GCP). Oversee baseline and periodic posture assessments and trend analysis reporting. Oversee compliance reporting activities aligned with regulatory frameworks (PCI DSS, GDPR, NIST, CIS).
Cloud Security Optimization: Lead the development, tuning, and optimization of Prisma Cloud CSPM policies for AWS, Azure, and GCP. Lead onboarding and security posture policy configuration of the SSPM platform for key SaaS apps.
Threat Intelligence and Continuous Improvement: Design detection strategies and RQL-based investigation playbooks. Oversee CWPP alert tuning and ensure alignment with the client's governance protocols. Define and regularly tune posture rules and detection logic based on evolving threats. Continuously assess policy relevance against service updates and compliance mandates.
Cross-Team Collaboration: Collaborate with engineering, SOC, and risk/compliance teams to ensure policy enforcement and incident response readiness. Provide technical guidance to engineers conducting audit log analysis, threat hunts, and RCA activities.
Incident Management and Communication: Track and report on key cloud security KPIs, metrics, and control effectiveness. Review and refine policies, standards, SOPs, and guidelines related to cloud operations. Lead knowledge transfer sessions.
**Required technical and professional expertise**
Technical Requirements:
* More than 5 years in cloud security consulting, architecture, or posture management.
* Proven and extensive experience with Prisma Cloud (CSPM/CWPP) and SSPM platforms.
* Hands-on experience integrating alerts into SIEM/SOAR tools like Google SecOps.
* Familiar with cloud-native and hybrid environment architecture in AWS, Azure, or GCP
* Familiar with compliance frameworks: NIST CSF, CIS, GDPR, PCI DSS.
* Experience integrating alerts and posture signals into SIEM/ITSM (e.g., Chronicle, Splunk, ServiceNow)
Soft Skills:
* Strong analytical and problem-solving abilities with keen attention to detail.
* Excellent communication and collaboration skills, with the ability to interact effectively with stakeholders at all levels.
* Capable of managing multiple priorities in a fast-paced, dynamic environment.
**Preferred technical and professional experience**
Certifications: CCSP, GCSA, CISSP, CRISC, CISA, AWS/Azure/GCP Security Specialty ( or any cloud platform-specific certs), Prisma Cloud Certification (e.g., Palo Alto Networks Certified Cloud Security Engineer-PCCSE), Google Cybersecurity Professional Certificate or SIEM-specific trainings (e.g., Chronicle)
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
This advertiser has chosen not to accept applicants from your region.
8
Cloud Security Consultant
IBM
Posted 3 days ago
Job Viewed
Job Description
**Introduction**
We are seeking a highly skilled and experienced Cloud Security Consultant who will be responsible for the governance, strategy, and advisory aspects of cloud security. The individual will drive the adoption and continuous improvement of the Cloud Security Framework while overseeing the effective use of CSPM, CWP, and SSPM platforms across AWS, Azure, and GCP.
**Your role and responsibilities**
As a Cloud Security Consultant you will play a crucial role in strategic security planning, ensuring compliance with industry regulations and frameworks, and driving continuous improvement through automation and orchestration.This encompasses managing key performance indicators (KPIs), conducting regular security exercises, and collaborating effectively with other IT and security teams to enhance overall security monitoring and response capabilities. The ideal candidate will possess a deep understanding of current and emerging cyber threats and a proven ability to lead and motivate a team in a fast-paced, high-pressure environment.
Your primary responsibilities include:
Cloud Security Management and Compliance: Define, maintain, and enhance the organization's Cloud Security Framework in alignment with regulatory (e.g., BSP, DPA) and industry (e.g., NIST, CSA) standards. Provide cloud security governance across multi-cloud platforms (AWS, Azure, GCP). Oversee baseline and periodic posture assessments and trend analysis reporting. Oversee compliance reporting activities aligned with regulatory frameworks (PCI DSS, GDPR, NIST, CIS).
Cloud Security Optimization: Lead the development, tuning, and optimization of Prisma Cloud CSPM policies for AWS, Azure, and GCP. Lead onboarding and security posture policy configuration of the SSPM platform for key SaaS apps.
Threat Intelligence and Continuous Improvement: Design detection strategies and RQL-based investigation playbooks. Oversee CWPP alert tuning and ensure alignment with the client's governance protocols. Define and regularly tune posture rules and detection logic based on evolving threats. Continuously assess policy relevance against service updates and compliance mandates.
Cross-Team Collaboration: Collaborate with engineering, SOC, and risk/compliance teams to ensure policy enforcement and incident response readiness. Provide technical guidance to engineers conducting audit log analysis, threat hunts, and RCA activities.
Incident Management and Communication: Track and report on key cloud security KPIs, metrics, and control effectiveness. Review and refine policies, standards, SOPs, and guidelines related to cloud operations. Lead knowledge transfer sessions.
**Required technical and professional expertise**
Technical Requirements:
* More than 5 years in cloud security consulting, architecture, or posture management.
* Proven and extensive experience with Prisma Cloud (CSPM/CWPP) and SSPM platforms.
* Hands-on experience integrating alerts into SIEM/SOAR tools like Google SecOps.
* Familiar with cloud-native and hybrid environment architecture in AWS, Azure, or GCP
* Familiar with compliance frameworks: NIST CSF, CIS, GDPR, PCI DSS.
* Experience integrating alerts and posture signals into SIEM/ITSM (e.g., Chronicle, Splunk, ServiceNow)
Soft Skills:
* Strong analytical and problem-solving abilities with keen attention to detail.
* Excellent communication and collaboration skills, with the ability to interact effectively with stakeholders at all levels.
* Capable of managing multiple priorities in a fast-paced, dynamic environment.
**Preferred technical and professional experience**
Certifications: CCSP, GCSA, CISSP, CRISC, CISA, AWS/Azure/GCP Security Specialty ( or any cloud platform-specific certs), Prisma Cloud Certification (e.g., Palo Alto Networks Certified Cloud Security Engineer-PCCSE), Google Cybersecurity Professional Certificate or SIEM-specific trainings (e.g., Chronicle)
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
We are seeking a highly skilled and experienced Cloud Security Consultant who will be responsible for the governance, strategy, and advisory aspects of cloud security. The individual will drive the adoption and continuous improvement of the Cloud Security Framework while overseeing the effective use of CSPM, CWP, and SSPM platforms across AWS, Azure, and GCP.
**Your role and responsibilities**
As a Cloud Security Consultant you will play a crucial role in strategic security planning, ensuring compliance with industry regulations and frameworks, and driving continuous improvement through automation and orchestration.This encompasses managing key performance indicators (KPIs), conducting regular security exercises, and collaborating effectively with other IT and security teams to enhance overall security monitoring and response capabilities. The ideal candidate will possess a deep understanding of current and emerging cyber threats and a proven ability to lead and motivate a team in a fast-paced, high-pressure environment.
Your primary responsibilities include:
Cloud Security Management and Compliance: Define, maintain, and enhance the organization's Cloud Security Framework in alignment with regulatory (e.g., BSP, DPA) and industry (e.g., NIST, CSA) standards. Provide cloud security governance across multi-cloud platforms (AWS, Azure, GCP). Oversee baseline and periodic posture assessments and trend analysis reporting. Oversee compliance reporting activities aligned with regulatory frameworks (PCI DSS, GDPR, NIST, CIS).
Cloud Security Optimization: Lead the development, tuning, and optimization of Prisma Cloud CSPM policies for AWS, Azure, and GCP. Lead onboarding and security posture policy configuration of the SSPM platform for key SaaS apps.
Threat Intelligence and Continuous Improvement: Design detection strategies and RQL-based investigation playbooks. Oversee CWPP alert tuning and ensure alignment with the client's governance protocols. Define and regularly tune posture rules and detection logic based on evolving threats. Continuously assess policy relevance against service updates and compliance mandates.
Cross-Team Collaboration: Collaborate with engineering, SOC, and risk/compliance teams to ensure policy enforcement and incident response readiness. Provide technical guidance to engineers conducting audit log analysis, threat hunts, and RCA activities.
Incident Management and Communication: Track and report on key cloud security KPIs, metrics, and control effectiveness. Review and refine policies, standards, SOPs, and guidelines related to cloud operations. Lead knowledge transfer sessions.
**Required technical and professional expertise**
Technical Requirements:
* More than 5 years in cloud security consulting, architecture, or posture management.
* Proven and extensive experience with Prisma Cloud (CSPM/CWPP) and SSPM platforms.
* Hands-on experience integrating alerts into SIEM/SOAR tools like Google SecOps.
* Familiar with cloud-native and hybrid environment architecture in AWS, Azure, or GCP
* Familiar with compliance frameworks: NIST CSF, CIS, GDPR, PCI DSS.
* Experience integrating alerts and posture signals into SIEM/ITSM (e.g., Chronicle, Splunk, ServiceNow)
Soft Skills:
* Strong analytical and problem-solving abilities with keen attention to detail.
* Excellent communication and collaboration skills, with the ability to interact effectively with stakeholders at all levels.
* Capable of managing multiple priorities in a fast-paced, dynamic environment.
**Preferred technical and professional experience**
Certifications: CCSP, GCSA, CISSP, CRISC, CISA, AWS/Azure/GCP Security Specialty ( or any cloud platform-specific certs), Prisma Cloud Certification (e.g., Palo Alto Networks Certified Cloud Security Engineer-PCCSE), Google Cybersecurity Professional Certificate or SIEM-specific trainings (e.g., Chronicle)
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
This advertiser has chosen not to accept applicants from your region.
9