21 Security Roles jobs in the Philippines

Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

**Summary**:

- ***

The Principal Governance, Risk, & Compliance (GRC) Analyst reports directly to the Director of GRC and is responsible for fulfilling and maturing services provided by the GRC team.**Responsibilities**:

- Maintain, and mature GRC services as a primary or backup service owner (e.g., Policy Management, Risk Management, Customer Security Due Diligence, Business Continuity Planning, etc.)
- Track assigned information security risks through the Risk Management process.
- Perform data quality reviews for GRC process measurement.
- Prepare risk management metrics and reporting.
- Work with Deltek technical and business professionals to determine appropriate risk treatment decisions and plans.
- Utilize governance, risk, and compliance (GRC) tools to manage list of external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows.
- Facilitate gathering, reviewing, and assembling internal and external audit evidence.
- Support projects as assigned to enhance Deltek compliance capabilities.
- Maintain proficiency with applicable laws, regulations, and standards.
- Draft and maintain compliance documents (e.g., policies, standards, procedures, etc.).
- Coordinate the adoption of information security best practices throughout the enterprise.

**Qualifications**

**Requirements**:

- B.S. degree (Information Security, Computer Science, MIS, or equivalent program preferred)
- Minimum 3 years of combined experience in Information security, compliance, technology audit, or a related field.
- Experience with NIST SP 800-53, ISO 27001, PCI DSS, or SOC 1/2.
- Strong written and verbal communication skills.
- Experience working in a collaborative team environment.

**Preferences**:

- CISSP, CISA, or other related information security certification desired.
- FedRAMP, NIST 800-171, CSA CCM, CIS Security Framework experience desired.
- Experience with software development in a cloud environment desired.

**Travel Requirements**
- 10%

Security Operations Analyst

**Responsibilities**:
Use SIEM technologies and other native tools to perform the monitoring of security events on a 24x7 basis.

Use the SIEM to monitor the network and perform analysis, while integrating the results and information needed to proactively protect the enterprise. This includes developing customized signatures, enterprise content filtering, or firewall ACL change recommendations.

Provide security events analysis and support to include identifying potential threat, anomalies, and infections, documenting findings, providing recommendations within the incident management system, performing triage of incoming security events, performing preliminary and secondary analysis of those events, and validating the events

Provide cybersecurity root-cause analysis in support of any tickets for which it fails to meet the Acceptable Quality Levels (AQLs) specified in the PRS. This root-cause analysis will include documenting recommendations for corrective action.
Minimum of 2 years of experience in Cyber Security.

Bachelor of Science (Masters preferred) in Computer Science, Systems Engineering, Cybersecurity, Information Technology or related area.

Working level knowledge of policies, procedures, and protocols of a government Security Operations Center.

**Preferred Certifications**: Comptia Security+ Certified Ethical Hacker (CEH)

Strong analytical and planning skills;
Good communication and presentation skills;
Excellent problem-solving skills;

MedSpecialized, Inc. is looking for a **Security Analyst**!

**General Description**:We are building a Security Operations Center (SOC). Are you good at identifying & responding to security incidents, driving engineering efforts to minimize risk, and skilled at threat hunting? If yes, then come and join us!

As an SOC Analyst, you will work as part of our Security Operations Center to be the first line of defense. You will use various defense tools to conduct analysis, identify security incidents and violations, help strengthen security controls and work with cross-functional teams with a customer-oriented approach to ensure that a secure workspace is provided to the workforce.

**Work Schedule and Arrangement**: Night shift, Office-based

**Office Location**: 8th floor Skyrise 4B Building, IT Park, Lahug, Cebu City, Cebu

**Responsibilities**:

- Engineer, implement and monitor security measures for the protection of computer systems, networks and information
- Identify and define system security requirements
- Identify and fix detected vulnerabilities to maintain a high-security standard
- Investigate security breaches and other cybersecurity incidents
- Prepare and document standard operating procedures and protocols
- Stay up-to-date on information technology trends and security standards

**Requirements**:

- 1 to 1.5 years relevant work experience
- 10 and 12th - 70 % to 80%
- Current SIEM experience/certifications would be a distinct advantage
- Knowledge of current security trends
- Basic knowledge of Windows server and Unix/Linux operating systems
- Strong experience in SIEM platform implementations
- Should have technical problem-solving skills in terms of logging, integration approach and project handling
- Should have hands-on incorporating logs or events or flows from cloud into SIEM tools
- Superior written and verbal communication skills, with a keen creative eye for details
- Good working knowledge in MS-Office
- Stable internet connection and a conducive work environment at home
- Physically fit to work in a BPO setting
- Willing to work in our Cebu IT Park office at least once a week
- Willing to work during holidays and weekends

**Salary and monetary benefits (in PHP)**:

- Monthly salary of 30,000 or more
- New hire bonus of 5,000

**Perks and other benefits**:

- Paid Training Period
- All national Philippines and USA holidays are observed
- Paid time off—public holidays, vacation, and personal time off
- Robust and effective Government Benefits Administration
- Lactation breaks (for breastfeeding moms)
- Discounted optical services with our partner clinic
- Free lunch/dinner and unlimited coffee and ice cream daily (for on site employees)
- Free Health insurance with one (1) free dependent
- Free Life insurance
- Free Accident insurance
- Relocation allowance for new hires (from Outside Cebu)
- Company-sponsored outings
- Interest-based employee clubs (DOTA, Basketball, Dance, Music, Photography, Yoga)
- International travel opportunities (India and US office)

**Our Recruitment Process**:
2. General Assessment
3. Initial Interview (Virtual)
4. Final Interview (Virtual)
5. Job Offer
6. Training

**Disclaimer for salary ranges**:Salary ranges may not be applicable to all. Depending on the level of experience, educational background and potential for growth seen during interviews, offers may go higher or lower.

**PRO TIP**:prepare for that interview and impress the hiring managers!

**Salary**: Php25,000.00 - Php40,000.00 per month

**Benefits**:

- Company events
- Health insurance
- Life insurance
- Opportunities for promotion
- Paid training
- Staff meals provided

Schedule:

- 8 hour shift

Supplemental pay types:

- 13th month salary
- Overtime pay

**Experience**:

- SIEM: 1 year (required)

Shift availability:

- Night Shift (required)

Risk Assessment

Facilitate annual NIST Cyber Security Framework security assessment with third-party
Conduct risk assessment on various products and services within the organisation and provide recommendations on mitigations.
Respond to customers third party risk assessment and comply with the TPRM specially for APRA regulated customers.
Review security procedures, policies in compliance with NIST CSF or ISO 27001 security frameworks, and that they are up to date, maintained and complied with.
Conduct assessment and respond to vulnerabilities when they surface, the likelihood, impact, and risk to the organisation.
Monitoring & Alerting

Work as a member of the Cyber Security Squad ensuring the security risks is managed appropriately, whilst conducting real-time monitoring, assessing, and triaging alerts.
Contribute to the development of response procedures and promote compliance to policies and standards relating to Cyber Security and reporting
Identify current and emerging technology issues including security trends, vulnerabilities, and threats.
Analysis, Recommendations & Reporting

Provide updates, task status and reporting on a regular basis on security related activities.
Support the effectiveness of the organisations ISMS, recommend, and provide solutions, updates and maintain its status as ISO 27001 certified.

You will be working alongside the talented, diverse team in multiple offices in Manila, UK, and Australia. You will also act to ensure that Sandstone Technology's critical assets are protected from threats both known and unknown.

**Security Architect**

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We value the diverse backgrounds and perspectives that enable us to think globally. As part of One team, One Kroll, you’ll contribute to a supportive and collaborative work environment that empowers you to excel.

Kroll is the premier global valuation and corporate finance advisor with expertise in complex valuation, disputes and investigations, M&A, restructuring, and compliance and regulatory consulting. Our professionals balance analytical skills, deep market insight and independence to help our clients make sound decisions. As an organization, we think globally—and encourage our people to do the same.

**Responsibilities**:

- Develop and maintain security policies and procedures
- Review existing and new technology architecture for data privacy and protection compliance
- Review existing and new technology to ensure it adheres to corporate information security standards
- Work with information security engineering to ensure all security tools are deployed
- Conduct routine security meetings
- Educate and promote secure software development lifecycle
- Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
- Travel as needed in support of the Information Security program.

**Requirements**:

- CISSP certification preferred but not required
- Minimum 5-7 years of experience in Information Security related positions
- Minimum 3-5 years of experience in security architecture
- Bachelor's degree in a related field from an accredited college or university
- Good English written and verbal communication skills
- Strong research skills
- Strong project management skills
- Ability to plan and complete tasks with mínimal oversight
- Ability to multi-task and prioritize tasks across a range of projects, adjusting to shifting priorities
- Excellent time management and organization skills
- Strong personal integrity
- Demonstrate commitment to obtaining outstanding results

Kroll is committed to equal opportunity and diversity, and recruits people based on merit.

LI-MF2
efin
LI-Hybrid

About the role: As a Cyber Security Analyst – Tier 1 in the Security Operations Center (SOC), you will be the first responder for business-impacting cyber security incidents that arise in our customers' environments. Fast, effective, and courteous service is the lifeblood of our organization, and this position requires nothing less. Your technical acumen will be challenged daily. Quick thinkers who can make decisions on their feet will be successful in this job.
br>What You’ll Do: < r>- Monitor cyber security tools to identify, triage, and report security incidents to customers.
- Leverage available cyber security capabilities to contain security incidents to prevent the lateral spread of malware or lateral movement of attackers.
- Conduct cyber security investigations to identify and rule out false positive security incidents.
- Provide additional cyber security investigatory support to customers as needed.
- Work with a team of like-minded professionals to monitor customer ticket queues and triage tickets that need immediate attention. We service customers as small as 10 users, up to multi-national enterprises.
- Follow pre-defined playbooks and runbooks and collaborate with other technical resources, where appropriate.
- Monitor and process event tickets on a prioritized basis as to the customer impact and urgency of these events.
- Remain cognizant of customer service-level agreements, and strive to meet or exceed them on a regular basis.
- Participate in Incident Management by providing situational reports (sitreps) via ticket updates and/or customer-facing communications.
- Provide first level technical resolution for cyber security incidents.
- Collaborate with our Network Operations Center (NOC) as needed, to document incidents, maintenance, and problems.
- Utilize various systems management tools to monitor availability, reliability, and performance of customer environments.
- Demonstrate problem solving skills that contribute towards the resolution of any issues that arise.
- Quickly assess an issue and form an understanding of the likely root cause in unfamiliar technical environments and technologies.
- Investigate, resolve, and/or escalate matters of significance pertaining to customer alerts and events.
- Document solutions, processes, procedures and present them in writing, verbally on the phone or in-person.
- Commit to professional growth and development by maintaining and/or obtaining new industry specific certifications.

What Skills & Experience You’ll Need: < r>- Experience with monitoring and using a SIEM
Azure Sentinel preferred (Splunk, Elastic, QRadar are nice to have)
- Experience supporting and administering the following is highly desired:
> Crowdstrike (or a similar nextgen endpoint solution)
> Azure or AWS cloud environments, including compute, storage, networking basics, and backups.
> Microsoft O365
> Windows Server OS: Windows 2012 through Windows 2019, including ADDS, DNS, DHCP, DFS, file/print services, PowerShell basics.
- Networking Basics (CompTIA Network+ equivalent).
- At least one of the following industry certifications highly desired: Security+, Network+, CEH, GCIH.
- A curious disposition.
- Strong documentation, reporting, analytical and problem-solving skills.
- The ability to effectively engage in customer-facing communications.

Preferred Qualifications:
- Experience with any of the following tools: Kaseya VSA, Auvik.
- Experience working in IT enterprises that use industry frameworks such as ITIL, COBIT, or MOF.

**Job Overview**:
**Responsibilities**:

- Support in the development, review, and maintenance of information security policies, procedures, and guidelines
- Analyze cybersecurity and data privacy risks by performing risk assessments and recommend mitigation controls
- Work with key personnel from other business functions on security and compliance requirements
- Analyze, collect, and follow-up audit evidence with tech and business teams
- Perform Business Impact Analysis (BIA) to support establishing BCP procedures and testing
- Determine resolution and root cause of security incidents and issues
- Advise internal stakeholders on security and data privacy matters
- Recommend improvements to process
- Support in handling of third-party audits and assessments
- Monitor and enforce compliance to policies, and strengthen awareness of employees regarding information security and data privacy
- Provide support in projects and other security endeavors from time to time

**Job Qualifications**:

- Bachelor's degree in IT or related field (e.g. Information Management, Computer Science, or equivalent; or 4 years of relevant IT experience)
- At least 2-3 years experience in the field of cybersecurity, risk and compliance, IT audit or related area
- At least 1 year working knowledge of security/risk management standards and frameworks (e.g. ISO 27001/31000, NIST CSF, CIS) or conducting risk assessments
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Knowledge and experience with PCIDSS preferred but not required
- Exposure to fintech industry and applicable regulations (e.g. DPA, BSP/AMLA, etc.) a plus, but not mandatory
- IT security and relevant certifications (e.g. Sec+, CEH, CPISI, ISMS-LI/A) an advantage

**KPIs/KRAs**:

- Identification of key security and data privacy risks and mitigating controls
- Execution of risk assessments, BCP testing, incident response tests
- Development and maintenance of security policies, procedures, and guidelines
- Support in attaining/retaining PCIDSS and other certifications

**Job Types**: Full-time, Permanent

**Salary**: Php20,000.00 - Php35,000.00 per month

**Benefits**:

- Additional leave
- Company Christmas gift
- Company events
- Employee discount
- Flexible schedule
- Health insurance
- Life insurance
- Opportunities for promotion
- Paid training
- Promotion to permanent employee

Schedule:

- 8 hour shift
- Day shift

Supplemental Pay:

- 13th month salary
- Overtime pay
- Performance bonus

**GENERAL PURPOSE**:
This position will support all aspects of compliance to information security requirements, IT industry standards and regulatory requirements (e.g., HIPAA, HITRUST, ISO 27001, SOC 1 and SOC 2 regulatory compliance) across Sitel Group from a global perspective. The position will assist with the production of risk assessments, contract reviews/assessments, audit and contingency planning, and evidence gathering. The position will support Security Assurance activities of other departments, measure inter-company and business-unit compliance to IT standards, evaluate reports and provide contractual certifications and accreditations. This position shall coordinate audit gap-analysis and remediation efforts.

**ESSENTIAL DUTIES AND RESPONSIBILITIES**:

- Adheres to Sitel policies on ethics and integrity.
- Perform work on Security Assurance and IT compliance matters; supports the Director, Global Security Assurance in pre-sale activities, assists with compiling responses to RFI/RFP questions for HITRUST, HIPAA, SOC 1 and SOC 2, answers and facilitates completion of data-security questionnaires, supports completion of client risk assessments, and measures compliance with contractual obligations.
- Support Sitel Group’s Global Security Assurance (GSA) Program and IT audits/assessments, conforming to existing policies and procedures, as well as all applicable laws and regulations.
- Compile and track risk and policy infractions, violations and compromises for reporting to business-unit stakeholder, client-representatives, and corporate leadership per the required guidelines.
- Conduct analysis and provide recommendations for management on identification of needs affecting the success of Sitel Group’s GSA mission and objectives.
- Maintain Company compliance with applicable security laws, regulations, Company security policies, procedures, and standards across the enterprise.
- Maintain technical competence in compliance and audit management methodology, tools, and best practices.
- Works closely with global divisions to provide insight to current compliance issues and will be responsible for moderately complex research and trending to assist with analysis and ensure overall IT compliance performance.
- Conduct research on various topics related to security, governance, and enterprise management
- _May perform other additional duties and responsibilities as assigned._

**EDUCATION and/or EXPERIENCE**
- Bachelor's degree in Computer Science, Computer Security, Information Technology or relevant field preferred. Experience and/or certifications can be accepted in lieu of education.
- O-3 years of experience in Third party risk management, Information Risk and Compliance or equivalent compliance audit experience.
- Familiarity with control frameworks such as NIST, ISO 27001, COSO, or CobIT required.
- Experience with cybersecurity in a highly regulated environment (healthcare/finance) preferred.
- Experience with HITRUST a plus.

**QUALIFICATIONS**:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Must have effective analytical abilities, strong interpersonal skills and the maturity and motivation to work effectively across project teams.
- Working with internal and external IT support teams, developing rapport and trust
- Ability to take initiative, plan, organize, prioritize, and balance multiple tasks and/or projects to ensure target dates and goals are achieved.
- Ability to build relationships and work in a team atmosphere.
- Ability to work independently towards goals.
- Excellent communication skills, both verbal and written.
- Present ideas, expectations and information in a concise, well-organized way.
- Keep Director of Global Security Assurance apprised of activities, issues, commitments, etc.
- Demonstrate self-confidence, energy and enthusiasm.
- Ability to be resourceful, creative and flexible.

**PHYSICAL DEMANDS**:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to speak and listen. The employee frequently is required to sit. The employee is occasionally required to stand; walk; use hands to finger, handle, or feel; and reach with hands and arms. The employee may occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, and ability to adjust focus.

**COMMITMENT TO ETHICS AND EQUAL EMPLOYMENT OPPORTUNITY**:
Sitel Group is firmly committed to conducting business i