Global Cybersecurity Analyst
GC Manila Office, Philippines
World Vision
World Vision International is a Christian relief and development organisation dedicated to helping the most vulnerable children overcome poverty and experience fullness of life. With over 70 years of experience, we help children of all backgrounds, even in the most dangerous places, inspired by our Christian faith.
Come join our 34,000+ staff working in nearly 100 countries and share the joy of transforming vulnerable children’s life stories!
Key Responsibilities:
Individuals working as Global Cybersecurity Analysts work on security projects/issues for one or more functional areas (e.g., data, systems, network and/or Web) across the enterprise, develop security solutions for medium to complex assignments, work on multiple projects as a team member and lead systems-related security components. They provide expertise and assistance to all IT projects to ensure the company’s infrastructure and information assets are protected.
Individuals within the IT Security job family plan, execute, and manage multi-faceted projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization.
Individuals develop, execute and manage data, system, network and internet security strategies and solutions within a business area and across the enterprise. They develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines. To guide enforcement of security policies and procedures, they administer and monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. IT Security professionals evaluate and recommend security products, services and/or procedures. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
IT Security professionals require strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies. Security certifications (e.g., PCI Internal Security Assessor (PCI-ISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC) and/or other certifications) may be required.
MAJOR RESPONSIBILITIES:
POLICIES, PROCESSES, & STANDARDS:
- Maintains an up-to-date understanding of industry best practices.
- Develops, enhances and implements enterprise-wide security policies, procedures and standards.
- Monitors compliance with security policies, standards, guidelines and procedures.
- Ensures security compliance with legal and regulatory standards.
BUSINESS REQUIREMENTS:
- Participates with the project team(s) to gather a full understanding of project scope and business requirements.
- Works with customers to identify security requirements using methods that may include risk and business impact assessments.
- Provides security-related guidance on business processes.
SECURITY SOLUTIONS:
- Participates in designing secure infrastructure solutions and applications.
RISK ASSESSMENTS:
- Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Conducts business impact analysis to ensure resources are adequately protected with proper security measures.
- Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.
- Creates, disseminates and updates documentation of identified IT risks and controls.
- Reports on significant trends and vulnerabilities.
- Develops plans to achieve security requirements and address identified risks.
- Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Performs PCI audits and compliance checks.
- Performs Data Protection Impact Assessments (DPIA).
SECURITY AUDITS:
- Performs security audits.
- Participates in security investigations and compliance reviews as requested by external auditors.
PROBLEM MANAGEMENT:
- Provides responsive support for problems found during normal working hours as well as outside normal working hours.
- Identifies and resolves root causes of security-related problems.
COMMUNICATIONS/CONSULTING:
- Interfaces regularly with staff from various departments communicating security issues and responding to requests for assistance and information.
- Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
VENDOR MANAGEMENT:
- Works with third party vendors during problem resolutions.
- Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.
TRAINING:
- Assists in the development of security awareness and compliance training programs.
- Provides communication and training as needed.
- May guide users on the usage and administration of security tools that control and monitor information security.
COACHING/MENTORING:
- Mentors less experienced team members.
QUALIFICATIONS:
- Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Work experience in PCI DSS compliance (preferred)
- Work experience in designing, implementing, and security training
- Typically has 3-5 years of combined cybersecurity work experience with a broad range of exposure to information security and data protection.
- Willingness and ability to travel domestically and internationally, as necessary
- Work experience in compliance, risk, and IT service management
- Effective in written and verbal communication in English.
Good-to-have:
- PCI ISA certification
- CISSP certification
- Project Management experience
- Risk Management experience
- Security Training
Applicant Types Accepted:
Local and International Applicants (IA's) Accepted