Information Security Analyst (6) - CSO SOC (Taguig City, Philippines)

Functional Area:

IT - Information Technology

Estimated Travel Percentage (%): No Travel

Relocation Provided: No

Company Shared Services Corporation

Your future team

Our technology teams collaborate with their worldwide colleagues and partners every day to take on the challenges of providing IT support to one of the world’s leading financial services firm. We’re people who believe that with the right values and hard work, anything is possible. We know that if we’re at our best, that enables our customers to be their best and realize their dreams and hoped for successes. The Information Technology group provides enterprise-wide IT solutions for all of Company’s specialized disciplines. Technology provides strategic and procedural support in all of Company’s specialized disciplines, such as policy issuance, premium collection, claims handling, and administration. It enables Company to deliver business strategies through efficient world-class IT and operations services, while ensuring the necessary IT risk management and security measures are in place.

The Company ISO Corporate Security Operations Team Extension supports a number of proponents of various services in three areas; (a) Security assessments which includes SSA and EXREQ; (b) Security Monitoring - DLP Event Review, WFCR and ECC Review; (c) the RSA AA Security Support which includes Policy Management (ITSEC), User Activities review and investigation (SOC) and User Provisioning (SecAdmin).

Your contribution at Company

As an influencer at Company, people come to you as a “go-to” source for help and support because of your deep knowledge and expertise. As a more experienced team member, you are capable of driving continual improvement and impacting the way that things get done. Because of your influence, whether direct or indirect, we are able to deliver powerful outcomes for our clients.

• Provide security assessments on the following; Software Security Assessment (SSA), Application Scanning Request (APPSCAN), and Exception Request (EX-REQ)
• Perform and Review Application Threat and Vulnerability Assessment
• Perform and Review IT Security Risk Assessment
• Review and process external network connectivity requests
• Review and process requests for exception or exemption to IT Security standards
• Identify gaps and areas for improvement during audits/IT assessments
• Come up with recommendations for remediation of areas identified during audit/IT assessments
• Follow through on ensuring key remediation efforts are implemented
• Ensure IT Security assessment program minimizes risks associated with business partners and vendors.
• Performs other duties & responsibilities as required or assigned by the Lead Information Security Risk Analyst.

Specific Tasks - SOC Monitoring:

• Investigate new cases in Case Management and monitor such for at least two weeks to check for any patterns and unusual behavior.
• Review the Case Management logs to check for inconsistencies in user behavior such as access from non-business country and possible sharing of accounts.
• Report any accounts that are of interest to the Business Partners if the security incident persists for the duration of the review.
• Report the general health and statistics for the RSA-AA logs.
• Identify changes that needs to be done to improve the overall security controls with regards to the use of RSA-AA such as changes to the policies/rules, risk score baselines and lists.

Specific Tasks - IT Security:

• Approve, test and implement any RSA-AA Back Office Production changes to the: a) Security settings in the Administration tab of the Back Office module; and b) Policy/rules in the Policy Management tab of the Back Office module
• Document all changes within the Service Now Change Request following Company Change Control Procedures in the process of implementing these changes.

Specific Tasks - Security Administration:

• Provision of user accounts in RSA A-AA Access Management module for new back office user requests.
• Edit user account’s access privilege in RSA A-AA Access Management module for existing user accounts.

What we are looking for

• Minimum 2 to 3 years of experience IT Risk Management, IT Audit, and Information Security.
• Experience in coordinating IT security Audit engagements
• Experience with highly regulated industry experience compliance requirements, Insurance industry expertise preferred (not mandatory)
• Experience in IT or security disciplines such as authentication and authorization models, data protection methods, networking, firewall models, common application security models, investigations,application scanning, threat and vulnerability management processes.
• Knowledge and experience in McAfee DLP, Anti-Virus, Network Security, Network Designs, Firewalls, and Virtual Private Networks.
• Proven track record of on-time, on-budget audits
• Familiar with IT Security Audit Requirements
• Familiar with Quality and Risk Management Process
• Familiar with Company Framework
• Familiar with any of the Regulatory Standards (e.g. Risk IT, COBIT, ISO, ITIL)
• A related Bachelor’s degree or equivalent work experience
• Certification in either Security+ or CISA is highly desired but not mandatory for this role
• Very proficient with Microsoft Project, PowerPoint, Excel and Word

It has been and will continue to be the policy of Company, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At Company, we believe that diversity and inclusion are critical to our future and our mission – creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.