Mandaluyong, National Capital Region ₱1500000 - ₱2500000 Y Bank of Commerce (Philippines)
Posted today
Job Description
This listing summarizes the responsibilities of multiple information security and risk roles, listed below. The positions require strong knowledge of information security, IT risk management, vulnerability management, threat intelligence, and regulatory/compliance awareness. The descriptions include responsibilities, qualifications, and location details provided by the posting sources.
Security and Information Risk roles (Bank of Commerce, Metrobank group postings)
- Oversee compliance with information security policies and ISMS frameworks; assess risk to information assets and IT processes.
- Conduct or facilitate risk assessments following ACES/ISRA methodologies; identify exposures and recommend mitigations.
- Provide consulting on IT risks and information security issues; ensure adequacy of information security policies and procedures.
- Coordinate with management, units, and stakeholders to explain adequacy, effectiveness, and efficiency of internal control systems.
- Assist in vulnerability assessments, penetration testing, third party risk management, business continuity planning, and incident response activities.
- Maintain risk registers, dashboards, and regulatory reporting; monitor findings resolution and track remediation status.
- Keep abreast of latest information security regulations and technologies; participate in security awareness and education for bank personnel.
Security Risk Assessment Analyst (General responsibilities)
- Perform risk assessments for in-flight projects; identify risks and ensure compliance with cybersecurity standards.
- Collaborate with project managers to define security requirements and risk mitigation strategies; produce quality security assessment reports.
- Monitor service levels, track risk mitigation progress, and support risk management tools (e.g., GRC).
- Mentor risk assessment analysts; contribute to process improvements and threat modeling (e.g., STRIDE).
IT Security Risk Assessment Officer (Metrobank)
- Develop and implement third party information security risk management programs; assess third party and system security risk.
- Coordinate across business units; document findings and risk remediation strategies; maintain security risk registers.
- Lead information security project work, incident investigations, and regulatory compliance activities.
Security Analyst (Pax8)
- Triage cybersecurity events, perform incident escalation and remediation; analyze vulnerabilities and threat intelligence.
- Configure and monitor SaaS security controls; develop run books and automation; produce vulnerability/threat opinions.
- Collaborate with IT, engineering, legal, data management, HR and business leaders to embed security in processes.
- Required: 3+ years in security operations/engineering; experience with SIEM, cloud security (AWS/Azure/GCP), and threat detection; certifications such as CISSP/CISM/CRISC are favorable.
Security Analyst / Security Specialist (Aspires/Verity BPO)
- Address cybersecurity and privacy risks; perform vulnerability assessments, penetration testing, and security reviews.
- Support security controls, incident response, and security project tasks; ensure compliance with security standards.
- Qualifications include a degree in CS/IT or a related field and 1+ years in IT/security; knowledge of firewalls, SIEM, and patch management; and documentation skills.
Valuation/Benefits Data Source roles (WTW)
- Valuation and data management for global benefits databases; develop knowledge of benefits landscape; work with cross-country teams.
- Requirements: bachelor’s degree (mathematics, actuarial, statistics, business or related); 1 year in actuarial/valuation; proficiency in MS Office; strong communication; ability to work in a global team.
Job details such as locations, posting dates, and organization names are included where provided.
Job Qualifying Notes
Most postings indicate multiple roles with similar information security focuses, including risk assessment, policy development, third-party risk, threat intelligence, incident response, and compliance. Specific qualifications vary by position, but common requirements include a bachelor’s degree in a relevant field, several years of experience in information security or IT risk, and relevant certifications where noted.