Risk & Security Assessment Lead Consultant

About the job

Responsibilities:

  • Subject Matter Expert for Security and Risk Assessment activities
  • Performs security and/or risk assessments in a fast-paced environment along with providing timely and practical recommendations to mitigate the identified risks
  • Performs IT Security Audit (SOC 2, ITGC)
  • Leads discovery workshops with other consultants and key stakeholders, both in IT and other business units
  • Performs quality assurance on project deliverables (e.g. technical report, executive report, strategy & roadmap)
  • Leads project presentation for client project team and other key stakeholders
  • Leads project management and client management
  • Facilitates Security Training and Awareness
  • Assists the Partner in client pursuits, and presentation to client Senior/Executive Management
  • Leads pre-engagement and business development activities:
      1. Scoping/discovery meeting with clients
      2. Development of proposal (technical and commercial) and presentation to clients
      3. Adherence with company risk management guidelines on engaging with clients
      4. Monitoring of pursuits from identification to engagement conversion
      5. Client management throughout the sales process

Qualifications:

  • Has 5-8 years of experience in Information Technology
  • Has 3-5 years of experience in security assessments (Vendor Security Risk Assessments, ISMS/NIST Assessment, SOC 2 Type 2 Assessment, RCSA, Configuration Review, Architecture Review, Controls Review) (Mandatory)
  • Has at least 1 year of experience in IT Risk Assessments (or facilitated more than 2 IT Risk Assessment projects)
  • Has more than 1 year of experience in Project Management (or acted as Project Manager for more than 2 projects) (Preferred)
  • Has at least 1 year of experience in Business Development (proposal development, sales presentation, business case & portfolio development, etc.)
  • Working experience in IT Audit (ITACS and ITGC)
  • Working experience in Data Privacy (PDPA, GDPR, DPA of 2012)
  • Working experience in Security Awareness and Training
  • Specific 2 years of experience in consulting/advisory engagements (preferred)
  • Strong knowledge of IT Audit/Assessments and/or Maturity Assessments
  • Strong knowledge of information security standards and guidelines such as ISO 27001/2, NIST, CIS, PCI DSS and SWIFT CSP
  • Understanding of Security Operations Center processes and relevant technologies
  • Understanding of Cloud Compute, Storage, Security and Virtualization best practice
  • Good communicator with the ability to interact with all levels within an organization (mandatory)
  • Good at technical writing and infographic reporting (mandatory)
  • Strong time management skills which allow for multi-tasking while managing shifting priorities
  • Proven history of providing exemplary customer service to both internal and external stakeholders

Preferably has at least one of the following certifications:

  • ISC2 CISSP
  • ISMS LA/LI
  • ISACA CISA or CRISC (mandatory)
  • Relevant certifications for PCI DSS, SWIFT, HITRUST and other industry

Interested candidates may send their updated CV directly to danica@cobdenandcarter.com.

Location: Makati City

Work Setup: Hybrid

Work Schedule: Dayshift