Business Risk, Assortment Compliance Associate-Bgc

Multiple Financial Risk Management and Information Security roles are listed with various responsibilities across Philippine locations. The descriptions include risk assessment, information security, fraud management, and financial risk modeling responsibilities. This refinement preserves the original content while organizing it into clear sections with proper HTML structure.

Location: Mandaluyong, National Capital Region

Salary: ₱1500000 - ₱2500000

Company: Bank of Commerce (Philippines)

Posted: today

• Oversee employees, consultants, subsidiaries and vendors\' compliance with ISPP regarding the security of the Bank\'s information assets;
• Monitor the adequacy and effectiveness of the systems of internal control to ensure the systems minimize operations risk and identify exposures while the consequences are still avoidable;
• Provide effective assessment of risks to ensure the soundness of information technology; and
• Provide consulting activity to improve the risk management process of the organization.

• Maintain a good working relationship with unit management and meet with Group Heads or senior Bank management to explain information pertaining to adequacy, effectiveness and efficiency of internal control systems to mitigate the risks identified.
• Develop and maintain key relationships with professional associations and/or individuals to exchange information on unusual or emerging technical issues and risk engines.
• Facilitate periodic risk assessment following the ACES and ISRA methodologies of the bank information assets.
• Conduct or review complex or specialized risk assessment of functions, identify and evaluate risk concerns, recommend mitigating controls and report summary information deficiencies of business and operating units
• Recommend strategies and programs in relation to the Bank\'s Information Security
• Provide consulting activities to business and operating units on IT risks and information security issues covering Bank\'s processes, operating policies and procedures.
• Ensure adequacy and relevance of Information Security Policies and Procedures.
• Oversee user\'s adherence to security policy and report breaches to the appropriate authority
• Develop or enhance the risk assessment program on information security and privacy matters
• Develop and provide continuing education and advisory on information security and privacy matters for Bank personnel
• Participate in Business Continuity Planning
• Assist in facilitating the vulnerability assessment and penetration testing exercises conducted by third party consultants and monitor resolution.
• Ensure timely resolution of internal and regulatory findings.
• Keep abreast of latest information security and privacy regulations and vulnerabilities and new and emerging security technology
• Prepare, assist and gather information for management or BROC reporting

• At least 5-7 years of professional experience in Information Security, IT Risk Management, or related fields.
• Minimum 2 - 3 years in a supervisory or leadership role managing risk assessments, audits, or compliance activities.
• Strong knowledge of information security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Proficiency in risk management methodologies such as ISRA, RCSA, and SASRA, including risk registers and heatmaps.

Posted today

• Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices.
• Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies.
• Ensure timely response and delivery of quality security assessment reports
• Monitor, track and report (SLOs) Service Level Objectives
• Track risk mitigation completion performed by the project members
• Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production.
• Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization.
• Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts.
• Continuous improvement on risk assessment processes
• Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc.

• Knowledge in operating systems and networking
• Knowledge in cloud environment is desirable.
• Knowledgeable on IT security domains based on industry standards (e.g., NIST CSF, ISO 27001, CIS)
• Risk-based approach and methodology on security assessments
• Some experience in project management
• Basic understanding of threat modeling (e.g., STRIDE)

• Bachelor\'s degree in Computer Science, Engineering, Information Technology, etc. or Accountancy
• Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT Security and Solutioning
• Excellent verbal and written communication skills and strong leadership
• Relevant cyber security certifications (preferred): CISSP, CISM, CISA, CRISC, ISO27000, and similar
• Other relevant technical certification would be an advantage

Posted today

We are seeking to identify current and emerging cybersecurity and fraud threats and risks relevant to GCASH, design architecture, and collaborate with product teams to align security with business direction.

• Develops a complete understanding of a company\'s technology and information systems.
• Identify and communicate current and emerging cybersecurity and fraud threats and risks that are relevant to GCASH.
• Design cybersecurity and fraud management architecture elements for GCASH to mitigate threats.
• Plan, research and design robust cybersecurity and fraud management architectures for GCASH demands.
• Collaborates with product teams to understand business direction and anticipate Security and Fraud Risks.
• Formulates new cybersecurity and fraud management blueprints to enable business plans while managing risk.
• Conducts research on Emerging Technologies and their evolving threats for Threat Modeling.
• Creates and maintains Fraud and Security Blueprints for evolving and existing systems.
• Communicates blueprints to relevant teams; responds to incidents and provides post-event analyses with ISDP GGSOC team.
• Reviews current measures and oversees enhancements; receives escalations and assesses controls.
• Communicates needs and priorities to upper management.

What We Offer: opportunities for career growth in a top FinTech, collaborative team, competitive compensation and benefits.

Posted today

Be #InGoodHands with Metrobank

Metrobank overview and career messaging retained from original content.

Position Title: Security Assurance and Assessment Officer

Job Summary:

• Develop tactical plans and programs for third-party information security risk management framework and ensure alignment with the enterprise risk framework
• Perform third-party security, system security and information asset based risk assessment; analyze complex processes and identify risk mitigation strategies
• Review production environments for potential risk and determine mitigation strategies
• Recommend strategies to control risks related to confidentiality, integrity and availability

Role Exposure:

• Prepare tactical plans for information, third-party and system security risk assessments
• Identify critical assets, threats, vulnerabilities; review adequacy of existing security controls
• Coordinate and assess security performance of third-party vendors
• Perform threat modelling-based risk assessment for IT systems
• Analyze changes in process and systems; update risk controls and documentation
• Maintain security risk register and remediation status; monitor risk assessment plans
• Coordinate across units for information gathering for assessments
• Articulate findings and remediation strategies in risk assessment reports
• Maintain documentation library; investigate incidents; apply trends and regulatory changes
• Mentor and guide other Security QA Risk Assessors

Qualifications:

• Bachelor\'s degree; IT security risk management or related background with professional certifications (CISA/CISM/CRISC/PCI-DSS ISO-27001 a plus)
• Experience in IT general controls and auditing; ability to prioritize risk and communicate effectively
• Analytical with strong risk assessment and project management capabilities

Posted today

Roles include Financial Risk Management engagements covering credit, market and liquidity risk; responsibilities include model development/implementation/validation and data analytics; collaboration to improve methodologies and risk decisions.

Qualifications (typical):

• Strong mathematical/statistical background; minimum 5 years of relevant FRM experience for some roles; 3-5 years for senior associates; leadership responsibilities for others
• Familiarity with risk management frameworks and tools (R, Python, SAS, Excel, PowerPoint, SQL)
• Certifications such as CFA, CISSP, CISM, CISA, CRISC (preferred)
• Excellent communication and project management abilities; ability to drive change

Location: Philippines (ING Hubs PH); ING Hubs Philippines is described with responsibilities for market and financial risk reporting, data analytics, and regulatory reporting.

Key Responsibilities:

• Prepare high quality market and financial risk reports; monitor concentrations and trends in credit risk
• Participate in stakeholder meetings; perform technical analysis on risk data for regulatory reporting
• Identify and implement process improvements; strengthen governance and control over reporting
• Contribute to digitization/automation of reporting

Key Capabilities/Experience:

• Bachelor/Master level education; 7+ years in data/analytics functions
• Proficiency in Excel, VBA, SQL; SAS EG experience preferred
• Analytical with attention to detail; knowledge of financial markets
• Strong communication; ability to work under deadlines

Posted today

Similar FRM responsibilities as above with emphasis on risk modeling, data analytics, and cross-functional collaboration.

Qualifications/Skills:

• Mathematics/statistics/economics background; 3-5+ years for senior associate; 4-5+ years for associate
• Strong analytical, project management, and communication skills
• Familiarity with risk management frameworks; proficiency in R, Python, SAS, and related tools

This listing includes multiple roles across various financial risk and information security domains, with several postings for each role, some with overlapping responsibilities and qualifications. Location notes include Manila-area offices and metro centers; postings show today as the posting date.

Note: This refinement preserves the essential content and organizes it into clearly labeled sections with