13 Vulnerability Management jobs in the Philippines

Introduction
We are seeking for a Vulnerability Management Analyst to support daily operations of our vulnerability assessment platform. This role involves executing scheduled scans, managing asset groupings, tracking remediation efforts, and generating dashboards and reports. The ideal candidate is detail-oriented, collaborative, and eager to grow in the cybersecurity and risk management field.

Your Role And Responsibilities

• Execute scheduled and ad-hoc vulnerability scans, including discovery, compliance, and web application scans.
• Monitor scan schedules and ensure timely completion across in-scope systems and assets.
• Manage and update asset groupings, scan configurations, and scan credentials within the VA platform.
• Analyze scan findings, generate posture reports, and escalate critical issues based on defined SLAs.
• Support in generating weekly vulnerability dashboards and monthly executive summary reports.
• Track remediation activities in collaboration with server, network, and application teams; provide timely updates.
• Assist in agent deployment, configuration, and troubleshooting across supported assets.
• Conduct ad-hoc scanning requests from internal audit, risk, or operational teams and prepare tailored reports.
• Support documentation and SOPs related to scanning procedures, asset onboarding, and credential management.
• Contribute to audit readiness by maintaining accurate records of scans, findings, and remediation status.
• Collaborate with the SME and security teams in maintaining platform stability, versioning, and health.

Preferred Education
Bachelor's Degree

Experience
Required technical and professional expertise

• Hands-on experience with VA platforms such as Qualys, Tenable, or Rapid7.
• Basic understanding of asset discovery, vulnerability scoring (CVSS), and common remediation strategies.
• Strong attention to detail and ability to track multiple remediation efforts across different teams.

Soft Skills

• Strong analytical and problem-solving abilities with keen attention to detail.

Preferred Certifications
Preferred technical and professional experience

• Tenable Certified Analyst or Qualys Certified Specialist or similar certifications
• GIAC Security Essentials (optional)

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

Who You'll Be Working With
If you have a strong background in IT, computer science, or software engineering, and are analytical, technologically savvy, solutions and process-focused, then the Technology & Operations team may be for you

You'll Be Responsible For The Following

• Defining and leading the overall strategy for enterprise-wide vulnerability management and risk assessment.
• Developing and enforcing standards, policies, and procedures for vulnerability assessments and remediation.
• Representing vulnerability management in risk committees, audit reviews, and executive briefings.
• Overseeing the end-to-end vulnerability lifecycle including scanning, validation, risk classification, ticketing, remediation tracking, and metrics reporting.
• Implement KPIs and dashboards to measure the effectiveness and maturity of the program (e.g., SLA compliance, Mean-Time-To-Remediate).
• Maintain alignment with NIST, ISO 27001, CIS Controls, PCI DSS, and other security frameworks and standards.
• Managing and mentoring a team of vulnerability analysts, engineers and managers.
• Coordinating with Security Defense Team, IT Ops, AppSec, and DevSecOps teams to support patching and configuration remediation activities.
• Oversee the deployment, configuration, and tuning of scanning tools (e.g., Qualys, Nessus, Rapid7, CrowdStrike Falcon Spotlight).
• Lead efforts in integrating vulnerability data into ticketing systems (e.g., JIRA, ServiceNow) and CMDBs for accurate asset-risk correlation.

We're Looking For

• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field
• 8–12 years of experience in IT security with 5+ years in vulnerability management and risk assessment.
• 5+ years of experience in a managerial or leadership role.
• Strong understanding of CVSS, EPSS, threat intelligence, and risk-based prioritization models.
• Experience with vulnerability scanning platforms and asset discovery tools.
• Familiarity with cloud security (AWS, Azure, GCP, Alibaba), container security, and CI/CD pipelines.
• Excellent communication, analytical thinking, and stakeholder management skills.
• Relevant certifications preferred (e.g., CISSP, CISM, GIAC GCCC, OSCP, CRISC).

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package

Key Responsibilities:

• Lead the deployment, configuration, and initial operationalization of in the organization.
• Integrate with asset inventory systems (e.g., CMDB), directory services, and other security tools.
• Define asset groups, tagging policies, and scan zones aligned with business units, device types, and criticality.
• Configure scan policies for different asset types, including authenticated and unauthenticated scans.
• Ensure proper coverage of external and internal networks, including firewalls, servers, and cloud environments.
• Troubleshoot scan failures and coordinate with system and network teams for scan access and permissions.
• Establish user roles, permissions, and access controls within for different stakeholders.
• Collaborate with the Security, Infrastructure, and Application teams to validate asset visibility and scan accuracy.
• Create custom dashboards, reports, and alerting based on vulnerability severity, asset criticality, and SLAs.
• Document setup procedures, scan configurations, and operational guidelines.
• Stay up-to-date on Tenable best practices and updates, applying improvements as needed

Qualifications

Professional & Technical Skills:

• Bachelor's degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
• 3+ years of experience in vulnerability management, security engineering, or network security roles.
• Hands-on experience setting up and administering (or Tenable.SC/Nessus Pro)
• Strong understanding of vulnerability scanning, asset discovery, risk prioritization, and remediation workflows
• Familiarity with firewall technologies, network segmentation, and enterprise architecture
• Experience with scripting (PowerShell, Python, Bash) and automation is a plus
• Knowledge of governance frameworks (e.g., NIST, ISO and security best practices
• Certifications such as CompTIA Security+, CEH, or Tenable Certified Professional are a plus.

Additional Requirements:

• Strong analytical and troubleshooting skills
• Attention to detail and process-oriented mindset
• Excellent communication and documentation skills
• Ability to work independently and collaboratively across teams
• Comfortable in a fast-paced, evolving IT environment
• Must be willing to work on a shifting schedule at our Cubao office (hybrid work set-up)

What's in it for you?

• Competitive Total Rewards (Compensation, Performance Bonus, 13th Month Pay, Day 1 HMO & Life Insurance Coverage)
• Expanded maternity leave up to 120 days*
• Expanded paternity leave up to 30 days*
• Flexible Working Arrangements*
• Healthy and Encouraging Work Environment
• Company-sponsored trainings like upskilling and certification
• Employee Stock Purchase Pan
• Loyalty and Christmas Gift
• Inclusion and Diversity Benefits
• Car and housing plan*

*Terms & Conditions apply

JOB SUMMARY

• Oversee employees, consultant, subsidiaries and vendor's compliance with ISPP

regarding the security of the Bank's information assets;

• Monitor the adequacy and effectiveness of the systems of internal control to ensure

that the systems minimize operations risk and identify exposures while the

consequences are still avoidable;

• Provide effective assessment of risks to ensure the soundness of information

technology; and

• Provide consulting activity to improve the risk management process of the

organization.

JOB DESCRIPTION

• Maintain a good working relationship with unit management and meets with Group

Heads or senior Bank management to explain information pertaining to adequacy,

effectiveness and efficiency of internal control systems to mitigate the risks identified.

• Develop and maintain key relationship with professional associations and /or individuals to exchange information on unusual or emerging technical issues and risk engines.
• Facilitate periodic risk assessment following the ACES and ISRA methodologies of the bank information assets.
• Conduct or review complex or specialized risk assessment of functions, identifies and evaluate risk concerns, recommend mitigating controls and report summary information deficiencies of business and operating units
• Recommends strategies and programs in relation to the Bank's Information Security
• Provide consulting activities to business and operating units on IT risks and information security issues covering Bank's processes, operating policies and procedures.
• Ensure adequacy and relevance of Information Security Policies and Procedures.
• Oversee user's adherence to security policy and report breaches to the appropriate authority
• Develop or enhance the risk assessment program on information security and privacy matter
• Develop and provide continuing education and advisory on information security and privacy matters for Bank personnel
• Participate in the Business Continuity Planning
• Assist in facilitating the vulnerability assessment and penetration testing exercises conducted by third party consultants and monitor resolution.
• Ensure timely resolution of internal and regulatory findings.
• Keep abreast of latest information security and privacy regulations and vulnerabilities and new and emerging security technology
• Prepare, assist and gather information for management or BROC reporting

JOB QUALIFICATION

• At least 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
• Minimum 2 - 3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities.
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Proficiency in risk management methodologies such as ISRA, RCSA, and SASRA, including risk registers and heatmaps.

Collections Officer Responsibilities:

• Aging and credit control monitoring
• Ensure client has adequate notes, paperwork, and collection notes
• High concentration balance confirmations monthly
• Balance confirmations for large dollar value invoices/debtors
• Reworking of invoice batches
• Correct any mismatched debtors, new debtor bonafides, spot check invoices
• Saving copy of invoices and backup paperwork to system where required
• Conduct debtor limit assessments and insurance where required
• Regular contact with debtors and clients
• Coordinate with client's team to produce high quality and timely information

The Client is an Australian national financial institution. You will be handling a portfolio of small clients, with your role focused on doing balance verifications and obtaining supporting paperwork for the larger dollar value/concentration debtors on the portfolio.

Collections Officer Requirements:

• Preferably with Call Center Experience.
• Bachelor's degree in accounting or business management, or a similar field.
• Previous experience working as a Collections Officer.
• Excellent negotiating skills.
• Good written and verbal communication skills.
• Familiarity with state debt collection laws.
• Knowledge of payment plans and accounting procedures.
• Knowledge of office and accounting software.
• Patience and resilience.

Job highlights:

• On-site, office based in Cebu City
• Fixed day shift (morning shift)
• Fixed weekends off
• Shortened probation
• HMO upon regularization
• Up to 2 HMO dependents after 2 years of service
• Company lunches
• Snacks, coffee, and drinks in the pantry
• Access to gym and swimming pool

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

GENERAL RESPONSIBILITIES

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

TECHNICAL COMPETENCIES

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO /2, CIS (Center for Internet Security), etc.
• Risk based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling ex: STRIDE and similar

QUALIFICATIONS

• Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning
• Has excellent verbal and written communication skills.
• Has good presentation skill.
• Exhibits critical thinking.
• Strong leadership skills
• Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar.
• Other relevant technical certification would also be an advantage.

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

• ROLES AND RESPONSIBILITIES A. Does (The tasks / responsibilities that the role performs to address requirements in Key Result Areas)
• Assist in the execution of the Institutional Risk Assessment (IRA) process to identify and assess AML risks across business lines.
• Gather and analyze relevant data to support risk assessments and help determine inherent and residual risks.
• Contribute to the development and application of risk scoring tools and models.
• Support periodic reviews and updates of the IRA framework to align with regulatory requirements and internal changes.
• Coordinate with business units and control owners to gather input and validate risk information.
• Prepare risk summaries, dashboards, and reports for internal stakeholders and regulatory submissions.
• Monitor regulatory changes and assist in updating risk factors and control evaluations accordingly.
• Help identify control gaps and recommend enhancements to mitigate identified AML risks.
• Assist in preparing documentation for internal audits, regulatory exams, and board presentations.

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

• Develops a complete understanding of a company's technology and information systems.
• Identify and communicate current and emerging cybersecurity and fraud threats and risks that are relevant to GCASH.
• Design cybersecurity and fraud management architecture elements for GCASH to mitigate threats as they emerge.
• Plan, research and design robust cybersecurity and fraud management architectures for demands of GCASH
• Understands the business direction, threat landscape globally and regionally for the Fintech Industry.
• Collaborates with product teams and business to understand the business direction and anticipating Security and Fraud Risks relevant to whatever the direction business is moving towards.
• Formulates the new cybersecurity and fraud management blueprints to ensure business is able to pursue the plans at the same time managing the risks for GCASH.
• Conducts research on Emerging Technologies and their evolving threats to be used for the Threat Modeling process.)
• Creates and maintains Fraud and Security Blueprints for emerging and existing technology and information systems.
• Communicate the new Fraud and Security Blueprints to relevant teams/groups pervasively within GCASH.
• Responds to, and investigates, cybersecurity and fraud incidents and provides thorough post-event analyses in collaboration with the ISDP GGSOC team.
• Reviews current system cybersecurity and fraud measures and decides and oversees implementation of enhancements for GCASH.
• Receives escalation from Fraud and Security Consultants handling FSR and assess validity of escalations and assess potential controls to address the escalations.
• Regularly communicates vital information, cybersecurity and fraud management needs and priorities to upper management.

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package