166 Technology Risk jobs in the Philippines

Job Summary:

The IT Risk Consultant will be responsible for developing, implementing, and maintaining risk management, IT audit, and information security frameworks. This role focuses on creating policies and procedures, conducting IT risk assessments, and building IT audit programs aligned with industry best practices and regulatory requirements.

Key Responsibilities:

Policy & Compliance:

• Ensure compliance with relevant regulations (e.g., ISO 27001, NIST, GDPR, local data privacy laws).
• Assist in the development and maintenance of IT security policies, standards, and procedures.

IT Audit Program Development and Support

• Design and implement IT audit programs covering IT General Controls (ITGC) domains such as Access Management, Change Management, Operations, and System Development Lifecycle (SDLC).
• Coordinate and execute internal audits, reviews, and control testing activities.
• Assist in external audits and regulatory inspections as needed.

Risk Assessment & Management:

• Conduct enterprise-level and system-level IT risk assessments and audits to identify vulnerabilities in systems, networks, and processes.
• Evaluate the effectiveness of existing controls and recommend improvements
• .Develop and implement risk mitigation strategies and action plans.
• Monitor remediation efforts and track progress on risk reduction initiatives.
• Support management in defining risk appetite, metrics, and reporting for IT risk.

Continuous Improvement:

• Stay updated on emerging IT risks, threats, and best practices.
• Participate in training and awareness programs for staff.

Qualifications:

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field.
• 1-3+ years of experience in IT risk management, IT audit, or information security.
• Exposure to writing IT/security policies or procedures.
• Familiarity with ITGC domains and control testing.
• Basic understanding of ISO 27001, COBIT, or NIST frameworks.
• Strong analytical, problem-solving, and communication skills.
• Relevant certifications (e.g., CRISC, CISA, CISSP, ISO 27001 auditor/implementer) are a plus.

Preferred Skills:

• Experience with risk management tools and GRC platforms.
• Understanding of cloud security, network security, and application security.
• Ability to work independently and collaboratively in a fast-paced environment.

Job Type: Permanent

Pay: Php100, Php150,000.00 per month

Work Location: In person

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact.

Whether you're at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you'll have the opportunity to expand your skills and make a difference at one of the world's most global banks. We're fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You'll also have the chance to give back and make a positive impact where we live and work through volunteerism.

Shape your Career with Citi

Citi's Risk Management organization oversees risk-taking activities and assesses risks and issues independently of the front line units. We establish and maintain the enterprise risk management framework that ensures the ability to consistently identify, measure, monitor, control and report material aggregate risks.

We're currently looking for a high caliber professional to join our team as Assistant Vice President, Technology Risk & Compliance - Hybrid (Internal Job Title: Cyber Tech 2nd LOD Sr. Analyst) based in Taguig, Philippines. Being part of our team means that we'll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future. For instance:

• Citi provides programs and services for your physical and mental well-being including access to telehealth options, health advocates, confidential counseling and more. Coverage varies by country.
• We believe all parents deserve time to adjust to parenthood and bond with the newest members of their families. That's why in early 2020 we began rolling out our expanded Paid Parental Leave Policy to include Citi employees around the world.
• We empower our employees to manage their financial well-being and help them plan for the future.
• Citi provides access to an array of learning and development resources to help broaden and deepen your skills and knowledge as your career progresses.
• We have a variety of programs that help employees balance their work and life, including generous paid time off packages.
• We offer our employees resources and tools to volunteer in the communities in which they live and work. In 2019, Citi employee volunteers contributed more than 1 million volunteer hours around the world.

Individuals in Operational Risk establish and manage operational risk policies, propose strategies, and governance processes designed to minimize losses from inadequate controls, fraud, and potential bankruptcy. This includes supervision over technology operational risk, and cyber risk. These individuals are also responsible for the development of tools and infrastructure, using advanced analytical and statistical skills to identify policy gaps and recommend changes to current policies. This role is crucial to the company as it fortifies against potential operational risks, thereby protecting the company's financial stability and reputation, and contributing towards the overall business resilience and success.

In this role, you're expected to:

• Participate in initiatives to augment technology and/or cyber risk management practices and enhance organizational resilience.
• Support the development and implementation of technology and/or cyber risk management procedures and methodologies, including effective application within the businesses.
• Independently evaluate technology and/or cyber risks within the business to ensure they are within the acceptable risk appetite, taking proactive measures to address areas of concern.
• Collaborate with the business to understand its risk profile, evaluate technology and/or cyber risk exposure, incorporate risk mitigation practices, and monitor technology and cyber-related issues.
• Build and maintain effective engagement with the 1st Line of defense, understanding their needs, strategic priorities, challenges, & opportunities.
• Provide guidance on technology and/or cyber risk mitigation strategies and control enhancements to business and other stakeholders.
• Ensure technology and/or cyber risk management activities adhere to internal policies, external regulations, and industry standards.
• Partner with key stakeholders and subject matter experts across the organization to accomplish technology and/or cyber risk management goals.
• Provide consistent reporting to senior management and stakeholders on the status of technology and/or cyber assessments, detailing current risks and potential areas of concern.
• Analyze data to identify trends or emerging risks and provide timely recommendations to mitigate risk exposure.
• Conduct regular and comprehensive technology and/or cyber risk assessments, documenting findings and recommendations for reducing technology and cyber risk exposure.
• Is an enthusiastic and early adopter of change; takes ownership for helping others see a better future and stay positive during uncertainty.
• Demonstrates and inspires curiosity in seeking new ways to overcome challenges; actively applies learning from failures.
• Challenges self and others to seek out and communicate alternative views even when unpopular; welcomes diverse ideas to improve outcomes.
• Acts as a catalyst for change by identifying and helping others see where new ideas could benefit the organization.
• Proactively seeks to understand and act in alignment with organizational decisions; helps others prioritize team and enterprise success over their own personal agenda.
• Focuses on highest-priority work aligned to business goals; helps others effectively manage competing priorities.
• Proactively identifies opportunities to streamline work; creates process improvements that enhance efficiency for self and the team.
• Takes personal accountability for escalating, identifying, and managing potential risk; implements controls that enhance the client experience and operational effectiveness.
• Anticipates problems and proactively identifies solutions that address the root causes and result in meaningful improvements.
• Sets high expectations and invests the necessary effort to deliver excellence and exceed performance goals.
• Role-models and helps others to do the right thing for clients and Citi in all situations, even when difficult.
• Engages key stakeholders early and often and actively looks for opportunities to improve collaboration in achieving common goals.
• Proactively seeks out opportunities to volunteer in Citi programs that support the community; advocates for solutions that meet the needs of Citi's clients and the community.
• Enthusiastically promotes the unique needs and preferences of colleagues; makes active commitment to help colleagues achieve balance, well-being, and development.
• Leverages varied networks to recruit diverse talent; advocates for colleagues with diverse skillsets, styles, and experiences to gain career opportunities.
• Empathetically listens and understands others' positions before acting on issues; works to amplify voices that are minimized in the workplace.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

As a successful candidate, you'd ideally have the following skills and exposure:

• Expertise and extensive experience in Controls Testing methodologies and execution
• In-depth knowledge of Controls Testing principle
• Relevant industry certifications (CISA, CRISC) would be of advantage
• Preferably with exposure or have worked within an auditing firm environment
• Previous experience supporting risk management, compliance, governance, or controls related roles.
• Minimum of 6 years experience in technology risk and/or cyber risk management, information security, IT or related field preferred.
• Familiarity with regulatory requirements, technology risk and/or cyber security principles, strategies and technologies.
• Understanding of IT systems, networks, cloud services, security infrastructure and system vulnerabilities.
• Demonstrated experience in the risk management lifecycle.
• Exposure to enterprise risk management frameworks and knowledge of risk reporting tools and techniques.
• Exposure to technology risk and/or cyber risk concepts, methodologies and tools.
• Exercises independence of judgement and autonomy.
• Robust project management and organizational skills, with the ability to prioritize tasks, manage multiple initiatives, and meet deadlines in a fast-paced environment.
• Strong interpersonal skills, with the ability to network, build relationships and collaborate with cross-functional teams to meet deliverables.
• Ability to analyze data to identify trends and emerging risks.
• Ability to problem-solve, recommend practical and effective solutions, and make sound decisions under pressure.
• High level of integrity and professionalism, with the ability to handle sensitive and confidential information appropriately.

Education:

Bachelor's/University degree or equivalent experience

Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact.

Take the next step in your career, apply for this role at Citi today

-

Job Family Group:

Risk Management

-

Job Family:

Operational Risk

-

Time Type:

Full time

-

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

-

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

-

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View Citi's EEO Policy Statement and the Know Your Rights poster.

Title:
Senior IT Risk Analyst (Hybrid – Manila)

About the Role:

We are seeking a
Senior IT Risk Analyst
to support the Asian Development Bank (ADB) in strengthening its IT risk management processes and frameworks. This role will focus on assessing, mitigating, and reporting IT risks while ensuring alignment with international standards such as ISO 27001, COBIT, and NIST.

Key Responsibilities:

• Enhance IT risk frameworks and operational risk processes.
• Perform IT risk assessments and develop mitigation strategies.
• Conduct Security License to Operate (SLtO) reviews and policy exception tracking.
• Manage risk data and reporting in GRC systems and Power BI dashboards.
• Coordinate with internal stakeholders on IT governance, risk reporting, and compliance initiatives.

Qualifications:

• Bachelor's degree in IT, Business, or related field.
• 5+ years of experience in IT risk management, governance, or controls.
• Familiarity with frameworks: ISO 27001, COBIT, NIST, COSO, or SOX.
• Proficient in GRC tools, Office 365, and Power BI.
• Preferred certifications: CRISC, CISA, or ISO 27001 Lead Implementer.

Work Setup:

• Hybrid (3 days onsite, ADB HQ – Manila)
• Schedule:
  8:00 AM – 5:00 PM Manila Time
• Contract Type:
  1-year IDIQ Staff Augmentation, renewable

• Provides sound direction, guidance, advice, and consultation to business units concerning Technology and Information Security risk.
• Develop policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.
• Lead third-party assessments to adhere to the company's controls over Outsourced Service Provider,
• including IT due diligence, data privacy, and cyber resiliency.
• Engage in projects with technology component to implement baseline requirements (technology, cybersecurity, transition, etc.)
• Oversee the implementation of periodic compliance review over Technology and Information Security to
• evaluate the adequacy and effectiveness of the overall information security control posture and data privacy.
• Oversight on the performance of various security testing and results (penetration tests and vulnerability assessments) on information systems and infrastructure and assess risk response to observations.
• Oversee performance and delivery of incident / problem investigation results (post-mortem analysis) to ensure root cause is identified and proper action plans implemented.
• Oversee the formulation, approval, and execution of the ISP and ISSP as approved by the PH Risk Committee and PH Management Committee.
• Enforce compliance with corresponding policies, procedures, and standards across the organization.
• Increase technology and/or security awareness of the ban by educating, informing and reporting relevant mandates and/or issues to stakeholders.
• Establish oversight standards to ensure that technology, operational, and security controls / processes are embedded throughout the lifecycle of information systems, applications, products, and services.
• Participate in ensuring regulatory compliance and adherence to technology information security-related

Qualifications:

At least 5 years of experience in Technology Risk Management / Operational Risk Management

Exposure to digital and non-conventional banking or financial services is an advantage

Information Technology Infrastructure Library

Professional Scrum Master

Other technology-related licenses (if any)

Work set-up:

Hybrid (3x RTO, 2x WFH)

Monday- Friday

BGC, Taguig

Job Type: Full-time

Pay: Php130, Php150,000.00 per month

Benefits:

• Paid training

Work Location: In person

Technology Risk Head/Manager

Location: BGC, Taguig

Work Setup: Hybrid (3 days on-site)

Shift: Morning Shift (9:00 AM – 6:00 PM)

Salary: Up to PHP 150,000 MAX

Qualifications:

• At least 5 years of experience in Technology Risk Management / Operational Risk Management
• Exposure to digital and non-conventional banking or financial services is an advantage

Security Engineer – VAPT

Location: BGC, Taguig

Work Setup: Hybrid (3 days on-site)

Shift: 9:00 AM – 6:00 PM (may vary depending on workload)

Salary: Up to PHP 150,000 MAX

Qualifications:

• 5+ years of proven experience in a VAPT role or similar position
• Advanced penetration testing and bypassing security controls
• Experience in reverse engineering, exploitation, malware analysis, threat emulation, persistence techniques, and lateral movement
• Hands-on expertise with exploitation techniques, tools, and processes
• Excellent problem-solving and analytical skills
• Strong communication and collaboration abilities

Security Platform Engineer

Location: BGC, Taguig

Work Setup: Hybrid (3 days on-site)

Shift: 9:00 AM – 6:00 PM (may vary depending on workload)

Salary: Up to PHP 150,000 MAX

Qualifications:

• More than 5 years of experience in technology security roles with a focus on DLP, SIEM, EDR/XDR, UAM, and PAM
• In-depth knowledge of security configuration, controls, protocols, encryption techniques, and access control measures
• Familiarity with industry standards and best practices in data security
• Strong analytical and problem-solving skills
• Excellent communication and collaboration abilities

Security SIEM Engineer

Location: BGC, Taguig

Work Setup: Hybrid (3 days on-site)

Shift: 9:00 AM – 6:00 PM (may vary depending on workload)

Salary: Up to PHP 150,000 MAX

Qualifications:

• 5+ years of proven experience in a security operations role or similar position
• Strong knowledge of cybersecurity principles, practices, and technologies
• Hands-on experience with security tools (firewalls, IDS/IPS, antivirus, SIEM, etc.)
• Expertise in:
  
  • Incident Response & Management
  
  • Threat Hunting & Intelligence Integration
  
  • Security Operations & Monitoring
  
  • Forensics & Malware Analysis
  
  • Security Governance & Continuous Improvement
• Excellent problem-solving and analytical skills
• Strong communication and collaboration abilities

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Technology Assurance covers assurance and risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required. Engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. Engagements may be either assurance (attestation) and/or risk advisory in nature and vary considerably in size and complexity.

All our services whether assurance or advisory in nature are designed for the dual purpose of strengthening internal controls and, in so doing, helping to improve IT and business performance. In addition to assurance-related engagements such as financial attestation and SSAE 16 engagements, our IT risk advisory services focus on IT governance and effectiveness; IT program management and assurance; security and controls of ERP implementations; and business intelligence and information analysis.

Available Opportunities
See our current job openings below:

Req IDRoleExternal Link NFS - Technology Risk Manager - NFS - Technology Risk Manager - NFS - Technology Risk Manager - NFS - Technology Risk Senior Consultant - NFS - Technology Risk Senior Consultant - NFS - Technology Risk Senior Consultant - NFS - Technology Risk Senior - NFS - Technology Risk Staff - NFS - Technology Risk Staff - Generic (Japanese

• Please refer to the links above to proceed with your application and disregard the "apply now" button below

EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

JOB SUMMARY

• Assists the Risk Management Division head in its risk oversight function on technology risk through the use of applicable risk management tools to identify, measure, monitor, and control technology risks;
• Directs the Bank in protecting all information assets and assists the Senior Management Response Team (MANCOM) in its business continuity and disaster recovery program by designing, reviewing, and implementing the business continuity program.

QUALIFICATIONS

• Bachelor's Degree in Information Technology, Computer Engineering, Computer Science, Business and Accountancy, or other relevant courses from a reputable school or university.
• At least five (5) years of experience in IT Risk Management preferably in a bank or financial institution.
• At least three (3) years of experience in IT security, incident management, and people management.
• Working knowledge of the following security standards: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or Certified Information Systems Security Professional (CISSP), A52ITIL, ISO27001, and COBIT Certification is an advantage.