SAP Governance, Risk & Compliance (GRC)


Description:

As a Team Lead / Tower Security Lead, the primary responsibility is to provide Subject Matter Expert support for the Governance, Risk and Compliance domain of Information Security, along with expert-level knowledge of technology and people management skills. This role also includes responsibilities such as escalation handling and interaction with client security leads and other support teams to ensure successful operation of assigned responsibilities.

Responsibilities:
* Evaluate and recommend the best GRC system based on business requirements and effectiveness for security compliance, such as vulnerability management and policy compliance
* Integrate GRC best practices into the client's policies and procedures to ensure compliance with regulatory requirements as well as business requirements
* Review policies, standards and other process documents to ensure compliance with regulatory requirements as well as business requirements
* Ensure compliance with CIS, COBIT, ISO 17799 & 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP, PCI-DSS, CIS, OWASP
* Perform RCA on security-related issues
* Mitigate potential security exposure
* Team Management
* SLA Management
* Project Management

Qualifications:
* At least 5-8 years of experience in core Information Security domain
* At least 3 years of experience in Governance, Risk and Compliance domain of Information Security
* Should have architect level knowledge in Information Security domain
* Should have design, build or consulting experience on any of the leading GRC tools
* Expert in different standards and frameworks
  * CIS, COBIT, ISO 17799 & 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP, PCI-DSS, CIS, OWASP
* Windows administration skills
  * Application servers, web services, remote access, file & print services, server virtualization
  * Active Directory
  * Performance monitoring, logs & alerts
* Network fundamentals
  * Infrastructures such as VPN, LAN, WAN, wireless network, network topologies, and access methods
  * Hardware such as switches, routers, media types
  * Protocols and services such as OSI model, IPv4, IPv6, name resolution, networking services, TCP/IP
* Security fundamentals
  * Types of threats, attack vectors
  * Network vulnerabilities and attacks
  * User authentication, permissions, password policies, audit policies, encryption, cryptography
  * Physical security, internet security, wireless security, and core security principles
* Familiarity with different GRC systems
* CISSP, CISA or related certifications

Full-time

Job no: DDAQ00175

Location: Quezon City, Makati, Mandaluyong, Taguig

Closing Date: Wednesday, 23 December 2020