Job Openings
Risk & Security Assessment Lead Consultant
About the job Risk & Security Assessment Lead Consultant
Responsibilities:
- Subject Matter Expert for Security and Risk Assessment activities
- Performs security and/or risk assessments in a fast-paced environment along with providing timely and practical recommendations to mitigate the identified risks
- Performs IT Security Audit (SOC 2, ITGC)
- Leads discovery workshops with other consultants and key stakeholders, both in IT and other business units
- Perform quality assurance on project deliverables (i.e. technical report, executive report, strategy & roadmap, etc.)
- Leads project presentation for client project team and other key stakeholders
- Leads project management and client management
- Facilitate Security Training and Awareness
- Assists the Partner in client pursuits, and presentation to client Senior/Executive Management
- Leads pre-engagement and business development activities
- Scoping/discovery meeting with clients
- Development of proposal (technical and commercial) and presentation to clients
- Adherence with company risk management guidelines on engaging with clients
- Monitoring of pursuits from identification to engagement conversion
- Client Management all throughout the sales process
Qualifications:
- Has 5-8 years experience in Information Technology
- Has 3-5 years experience in security assessments (Vendor Security Risk Assessments, ISMS/NIST Assessment, SOC 2 Type 2 Assessment, RCSA, Configuration Review, Architecture Review, Controls Review) (Mandatory)
- Has at least 1 year experience in IT Risk Assessments (or facilitated more than 2 IT Risk Assessment projects)
- Has more than 1 year experience in Project Management (or acted as Project Manager for more than 2 projects) (Preferred)
- Has at least 1 year experience in Business Development (Proposal development, Sales presentation, business case & portfolio development, etc.)
- Working experience in IT Audit (ITACS and ITGC)
- Working experience in Data Privacy (PDPA, GDPR, DPA of 2012)
- Working experience in Security Awareness and Training
- Specific 2 years experience in consulting/advisory engagements (preferred)
- Strong knowledge in IT Audit/Assessments and/or Maturity Assessments
- Strong knowledge on information security standards and guidelines such ISO 27001/2, NIST, CIS, PCI DSS and SWIFT CSP
- Understanding of Security Operations Center processes and relevant technologies
- Understanding of Cloud Compute, Storage, Security and Virtualization best practice
- Good communicator and ability to interact with all levels within an organization (mandatory)
- Good in technical writing and infographic reporting (mandatory)
- Strong time management skills which allow for multi-tasking while managing shifting priorities
- Proven history of providing exemplary customer service to both internal and external stakeholders
Preferably has at least one of the following certifications:
- ISC2 CISSP
- ISMS LA/LI
- ISACA CISA or CRISC (mandatory)
- Relevant certifications for PCI DSS, SWIF, HITRUST and other industry
Interested candidates may send their updated CV directly at danica@cobdenandcarter.com.
Location: Makati City
Work Setup: Hybrid
Work Schedule: Dayshift