IT Security Risk Assessment Officer

Taguig, National Capital Region

Posted 4 days ago


Company:: Hunter's Hub Incorporated
Company Description:: Hunter’s Hub Incorporated is a Sourcing and Headhunting company that was founded earlier on in the year 2018. The company prides itself in its ability to source and recruit only the best and brightest of each industry. Hunter’s Hub caters to numerous clients in a multitude of industries, and has a wide-range of candidate selections to suit any of our clients’ needs. Likewise, the company specialises in sourcing out highly skilled and multi-talented IT professionals because the company mostly caters to clients being widely known to be in the IT industry. Hunter’s Hub sets itself apart from the rest of the company in the industry due to the various prominent selections of services that are custom-fit for our clients and the numerous kinds of professionals we are able to provide. Our services are highly based off of our clients’ needs and requirements, and we are able to dispense any kind of personnel that they need whether professional or non-professional. We look for only the best, and provide only the best.
Contract Type:: Full Time
Experience Required:: 3 to 4 years
Education Level:: Bachelor’s Degree
Gender:: Any
Number of vacancies:: 3

Job Description

Job Description
Job Summary:

Develop tactical plans and programs for the establishment and maintenance of the Bank’s third-party information security risk management framework and ensure alignment with the enterprise risk framework. Performs third party security, system security and information asset-based risk assessment. Analyze and review of complex bank processes, application system and network security implementation and third-party relationships to identify potential risk including the determination of risk mitigation strategies. Analysis and review of complex application system and network security implementation on the current production environments to identify potential risk including the determination of risk mitigation strategies. Recommend strategies to control risks from inadequate protection of confidentiality, integrity and availability of the information assets, processing facilities and connected services.

Specific Duties & Responsibilities:

Prepares tactical plans and/or programs in the conduct of information, third party and system security risk assessments.

Identify the Bank’s critical assets, threats to these assets, vulnerabilities, and reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information.

Coordinate and assess the security performance of third-party vendors that collect, process, transmit, and store client data

Performs threat modelling-based system security risk assessment for all IT systems and other IT assets, as applicable

Analyze and assess the impact of changes in process, technical changes and systems enhancements and third-party relationships.

Reviews adequacy of existing security controls to safeguard the confidentiality, integrity and availability of information and information processing facilities to mitigate information security risk.

Formulates, recommends information security policies and procedures on physical, environmental and personnel security with respect to results of information security assessment activities.

Responsible for coordinating across all business units and stakeholders in gathering information in preparation to the conduct of information, third party and system security risk assessment.

Articulate security findings and risk remediation strategies through issuance of risk assessment report. Track and follow-up status of risk mitigation activities.

Ensures security risk register is maintained and kept updated including status of remediation activities.

Executes and monitors accomplishment of the risk assessment plans and programs.

Articulate security findings and risk remediation strategies through issuance of risk assessment report; writing comprehensive, concise and understandable to non-technical. Tracking and follow up on status of mitigation activities.

Maintain and track library of records and documentation.

Investigation of applicable reported incidents related to information handling and data privacy.

Keep abreast of and apply information, IT and third-party security trends and regulatory and compliance changes affecting the security of landscape, security best practices, threat landscape (emerging and existing) and apply them in daily work.

Review the work of other Security Quality and Assurance Risk Assessors; guides and mentors them.

Proactively works with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.

Perform other information security risk management and compliance related duties and responsibilities as directed by the Department Head.