Security Assurance and Assessment Officer

Be #InGoodHands with Metrobank!

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!


Position Title:  Security Assurance and Assessment Officer


Job Summary: 


  • Develop tactical plans and programs to establish and maintain the Bank's third-party information security risk management framework, and ensure its alignment with the enterprise risk framework
  • Perform third-party security, system security and information-asset-based risk assessments
  • Analyze and review complex bank processes, application systems, network security implementations (including those in the current production environment) and third-party relationships to identify potential risks and determine risk mitigation strategies
  • Recommend strategies to control risks arising from inadequate protection of the confidentiality, integrity and availability of information assets, processing facilities and connected services


Role Exposure:


  • Prepare tactical plans and programs for the conduct of information, third-party and system security risk assessments
  • Identify the Bank's critical assets, the threats to those assets and their vulnerabilities
  • Coordinate and assess the security performance of third-party vendors that collect, process, transmit and store client data
  • Perform threat-modelling-based system security risk assessments for all IT systems and other IT assets, as applicable
  • Analyze and assess the security impact of process changes, technical changes, system enhancements and new or changed third-party relationships
  • Review the adequacy of existing security controls in safeguarding the confidentiality, integrity and availability of information and information processing facilities, and recommend mitigation of the information security risks identified
  • Formulate and recommend information security policies and procedures on physical, environmental and personnel security based on the results of information security assessment activities
  • Coordinate across all business units and stakeholders to gather the information needed to conduct information, third-party and system security risk assessments
  • Articulate security findings and risk remediation strategies by issuing a risk assessment report that is comprehensive, concise and understandable to non-technical readers
  • Track and follow up on the status of risk mitigation activities, and ensure the security risk register is maintained and kept up to date, including the status of remediation activities
  • Execute and monitor the accomplishment of the risk assessment plans and programs
  • Maintain and track the library of records and documentation
  • Investigate applicable reported incidents related to information handling and data privacy
  • Keep abreast of information, IT and third-party security trends, regulatory and compliance changes affecting the security landscape, security best practices and the existing and emerging threat landscape, and apply them in daily work
  • Review the work of other Security Quality and Assurance Risk Assessors; guide and mentor them
  • Proactively work with the Department Head in implementing programs for the continuous improvement of the Bank's information security plans and strategies
  • Perform other information security risk management and compliance-related duties as directed by the Department Head


Qualifications:


  • Bachelor's degree
  • Experience in IT general controls and auditing, preferably with a strong background in system security risk assessments
  • Able to make risk-based information security prioritization decisions, analyze business risk, and articulate complex business/risk trade-off recommendations and decisions
  • Experience in project security technical reviews and risk assessments
  • Analytical and risk identification skills to assess a variety of information security-related risk situations and recommend the best course of action
  • Current on security best practices and knowledgeable about common and emerging security threats
  • Professional certification such as CISA, CISM, CRISC, PCI DSS, ISO 27001 Lead Auditor or equivalent is an advantage