Back to search
KPMG Philippines Linkedin · Posted 5d ago

Cybersecurity Risk and Compliance Specialist

Philippines

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Responsibilities:


  • Conduct cyber assessments for organizations, technology environments, and solutions (e.g., threat & risk assessments, cyber maturity assessments, compliance assessments, due diligence, solution assessments, and AI-enabled solution assessments) to identify security gaps, vulnerabilities, and risks.
  • Assess diverse solution types, including enterprise applications, cloud platforms, data/integration pipelines, third-party or vendor solutions, and AI-enabled or generative AI solutions.
  • Evaluate security policies, procedures, governance practices, and technical controls to ensure compliance with industry standards such as NIST CSF, NIST 800-30, ISF IRAM2, ISO 27001, NIST AI RMF, OWASP LLM/GenAI guidance, etc., where applicable.
  • Identify cyber threats, attack vectors, and potential risks impacting business operations and solution delivery.
  • Evaluate solution-specific risks and controls, including access management, data protection, secure configuration, API/integration security, vendor dependencies, and AI-related risks such as prompt injection, data/model poisoning, model theft, and excessive agency.
  • Recommend risk mitigation strategies to strengthen organizational cyber resilience.
  • Provide cyber risk assurance by aligning security controls with business objectives.
  • Assess the effectiveness of technical security controls such as access management, encryption, endpoint security, network security, and cloud security.
  • Recommend improvements to security architecture and IT infrastructure to reduce cyber risks.
  • Prepare detailed assessment reports, risk assessment documentation, and executive summaries.
  • Present security risks findings and recommendations to senior leadership and technical teams.


Qualifications:


  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or a related field.
  • 3-7 years of experience in cybersecurity audits, threat and risk assessments (TRA), security risk management, and assessments of organizations, third-party environments, or technology solutions.
  • Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, NIST 800-30, NIST AI RMF, ISO 27001, SOC 2, PCI DSS, CIS Controls, OWASP LLM/GenAI guidance, etc.).
  • Hands-on experience with security risk assessment tools and methodologies.
  • Understanding of security operations, threat intelligence, and incident response.
  • Proficiency in network security, cloud security (AWS, Azure, GCP), application security, data security, and third-party/vendor risk considerations.
  • Experience assessing enterprise applications, cloud services, integrations/APIs, vendor platforms, and AI-enabled or generative AI solutions is preferred.
  • Excellent analytical, problem-solving, and communication skills.
  • Ability to work collaboratively with technical and non-technical stakeholders.
  • Certifications preferred:
  • CISA (Certified Information Systems Auditor)
  • CISSP (Certified Information Systems Security Professional)
  • CRISC (Certified in Risk and Information Systems Control)


Working Set-up: Hybrid - 1-2x a week ONSITE / Nightshift

Office Location: Makati (Ayala or Legazpi Village site)

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent