Cybersecurity Risk and Compliance Specialist
Indexed description
Responsibilities:
- Conduct cyber assessments for organizations, technology environments, and solutions (e.g., threat & risk assessments, cyber maturity assessments, compliance assessments, due diligence, solution assessments, and AI-enabled solution assessments) to identify security gaps, vulnerabilities, and risks.
- Assess diverse solution types, including enterprise applications, cloud platforms, data/integration pipelines, third-party or vendor solutions, and AI-enabled or generative AI solutions.
- Evaluate security policies, procedures, governance practices, and technical controls to ensure compliance with industry standards such as NIST CSF, NIST 800-30, ISF IRAM2, ISO 27001, NIST AI RMF, OWASP LLM/GenAI guidance, etc., where applicable.
- Identify cyber threats, attack vectors, and potential risks impacting business operations and solution delivery.
- Evaluate solution-specific risks and controls, including access management, data protection, secure configuration, API/integration security, vendor dependencies, and AI-related risks such as prompt injection, data/model poisoning, model theft, and excessive agency.
- Recommend risk mitigation strategies to strengthen organizational cyber resilience.
- Provide cyber risk assurance by aligning security controls with business objectives.
- Assess the effectiveness of technical security controls such as access management, encryption, endpoint security, network security, and cloud security.
- Recommend improvements to security architecture and IT infrastructure to reduce cyber risks.
- Prepare detailed assessment reports, risk assessment documentation, and executive summaries.
- Present security risks findings and recommendations to senior leadership and technical teams.
Qualifications:
- Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or a related field.
- 3-7 years of experience in cybersecurity audits, threat and risk assessments (TRA), security risk management, and assessments of organizations, third-party environments, or technology solutions.
- Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, NIST 800-30, NIST AI RMF, ISO 27001, SOC 2, PCI DSS, CIS Controls, OWASP LLM/GenAI guidance, etc.).
- Hands-on experience with security risk assessment tools and methodologies.
- Understanding of security operations, threat intelligence, and incident response.
- Proficiency in network security, cloud security (AWS, Azure, GCP), application security, data security, and third-party/vendor risk considerations.
- Experience assessing enterprise applications, cloud services, integrations/APIs, vendor platforms, and AI-enabled or generative AI solutions is preferred.
- Excellent analytical, problem-solving, and communication skills.
- Ability to work collaboratively with technical and non-technical stakeholders.
- Certifications preferred:
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- CRISC (Certified in Risk and Information Systems Control)
Working Set-up: Hybrid - 1-2x a week ONSITE / Nightshift
Office Location: Makati (Ayala or Legazpi Village site)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search