Job Description:
Security Assurance:
- Conduct regular security assessments, including vulnerability scans, penetration tests, and risk assessments to identify and mitigate security risks.
- Develop, implement, and maintain security policies, procedures, and controls to ensure compliance with industry standards and regulatory requirements (e.g., GDPR, HIPAA, NIST, ISO 27001).
- Perform security reviews and audits of internal and third-party systems to ensure adherence to security best practices.
Security Engineering:
- Implement security solutions and technologies to protect against cyber threats and vulnerabilities.
- Collaborate with IT and development teams to integrate security into system design, application development, and deployment processes.
- Investigate and respond to security incidents, including conducting forensic analysis and coordinating with incident response teams.
Compliance and Risk Management:
- Stay current with emerging security threats, technologies, and industry trends to continuously improve security posture.
- Support the preparation and submission of compliance reports and documentation for audits.
Reporting:
- Generate and present regular security reports and metrics to senior management, highlighting key security events, trends, and the effectiveness of security measures.
- Document security incidents, including the nature of the threat, response actions, and outcomes.
- Prepare and submit compliance reports and documentation for audits, ensuring accurate and timely reporting of security posture and incidents.
Collaboration and Communication:
- Work closely with cross-functional teams to address security-related issues and implement effective solutions.
- Provide expert guidance and recommendations on security matters to senior management and other stakeholders.
- Document and communicate security findings, recommendations, and status to relevant parties.
Requirements
Qualifications:
- Minimum of 5 years of experience in IT security, information assurance, or a related field.
- Strong understanding of security frameworks and standards such as ISO 27001, NIST, GDPR, and HIPAA.
- Hands-on experience with security assessments, including vulnerability scanning, penetration testing, and risk assessments.
- Solid background in security engineering, with the ability to implement security tools, technologies, and solutions.
- Proficient in conducting security audits and reviews of internal and third-party systems.
- Experience working with cross-functional teams to integrate security into software development and IT operations.
- Strong knowledge of incident response procedures, forensic analysis, and mitigation strategies.
- Familiarity with compliance reporting and audit preparation.
- Excellent report writing and communication skills, with the ability to present findings and metrics to senior management.
- Up-to-date with emerging threats, technologies, and best practices in cybersecurity.
- Strong analytical and planning skills.
- Good communication and presentation skills.
- Excellent problem-solving skills.
- Amenable to working in Ortigas (fully onsite).