GDS Advisory _ Cybersecurity Risk Management Consultant
Quezon City (Eastern Manila District) IT development
Job description
Job Description:
· Analyst / Associate Consultant in the Risk Advisory team to work on various Cyber Risk Management projects for our customers across the globe.
· Deliver high quality work products as per firm’s guidelines. You will need to actively establish, maintain and strengthen relationships with other team members. You’ll need to report any identified risks within engagements and share any issues and updates with other members of the team.
· Engage in Cyber Risk Management projects in the capacity of execution of deliverables
· Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating other team members on progress
· Help prepare reports and schedules that will be delivered to clients and other parties
· Demonstrate an application and solution-based approach to the problem solving technique
· Review of working papers and client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service
· Manage engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development
· Willing to travel to the customers locations as needed basis
· Be a part of and driving the quality culture at EYA GTH
· Contribute to people related initiatives
· Understand and follow workplace policies and procedures
Job Requirements:
Mandatory skills:
· Knowledge of Information Security Frameworks such as ISO27001, PCI-DSS, NIST, etc
· Implementation / audit of ISO27001 or equivalent ISMS
· Knowledge of data privacy frameworks or regulations such as GDPR or Philippines Data Privacy Act 2012
· Ability to conduct a Privacy Impact Assessment for a process or organization
· Knowledge of cyber / information security concepts, risk and controls concepts
· Experience creating or supporting a security awareness campaign for an organization
· Conduct Security Risk Assessments based on customer requirement as well as industry standards
· Advise clients on the IT security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the systems.
· Ability to communicate in a clear and concise manner.
· Ability to prioritize tasks and work accurately under pressure in order to meet deadlines.
· Experience in vendor security risk management (Risk Assessment, Risk Governance, Mitigation Controls, Risk Methodologies)
· Knowledge of OS (Windows / Linux) security, Database security
· Knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.)
· Basic knowledge of encryption
· Graduates / BE - B. Tech / MCA / M. Sc. (Stats, Maths, Computer Science) with background in computer science and programming and 0 – 4 years of experience
Preferred skills:
· Experience in incident management
· Knowledge of standards such as ISO 22301, ISO 31000, NIST standards on Cyber Security, HITRUST, etc.
· Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc.
· ISO 27001 Lead Auditor or Lead Implementer
· Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts
· Knowledge of cyber threats and vulnerabilities related to platform and infrastructure
Job Description:
· Analyst / Associate Consultant in the Risk Advisory team to work on various Cyber Risk Management projects for our customers across the globe.
· Deliver high quality work products as per firm’s guidelines. You will need to actively establish, maintain and strengthen relationships with other team members. You’ll need to report any identified risks within engagements and share any issues and updates with other members of the team.
· Engage in Cyber Risk Management projects in the capacity of execution of deliverables
· Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating other team members on progress
· Help prepare reports and schedules that will be delivered to clients and other parties
· Demonstrate an application and solution-based approach to the problem solving technique
· Review of working papers and client folders. Suggest ideas on improving engagement productivity and identify opportunities for improving client service
· Manage engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development
· Willing to travel to the customers locations as needed basis
· Be a part of and driving the quality culture at EYA GTH
· Contribute to people related initiatives
· Understand and follow workplace policies and procedures
Job Requirements:
Mandatory skills:
· Knowledge of Information Security Frameworks such as ISO27001, PCI-DSS, NIST, etc
· Implementation / audit of ISO27001 or equivalent ISMS
· Knowledge of data privacy frameworks or regulations such as GDPR or Philippines Data Privacy Act 2012
· Ability to conduct a Privacy Impact Assessment for a process or organization
· Knowledge of cyber / information security concepts, risk and controls concepts
· Experience creating or supporting a security awareness campaign for an organization
· Conduct Security Risk Assessments based on customer requirement as well as industry standards
· Advise clients on the IT security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the systems.
· Ability to communicate in a clear and concise manner.
· Ability to prioritize tasks and work accurately under pressure in order to meet deadlines.
· Experience in vendor security risk management (Risk Assessment, Risk Governance, Mitigation Controls, Risk Methodologies)
· Knowledge of OS (Windows / Linux) security, Database security
· Knowledge of IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.)
· Basic knowledge of encryption
· Graduates / BE - B. Tech / MCA / M. Sc. (Stats, Maths, Computer Science) with background in computer science and programming and 0 – 4 years of experience
Preferred skills:
· Experience in incident management
· Knowledge of standards such as ISO 22301, ISO 31000, NIST standards on Cyber Security, HITRUST, etc.
· Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc.
· ISO 27001 Lead Auditor or Lead Implementer
· Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts
· Knowledge of cyber threats and vulnerabilities related to platform and infrastructure