Title: Cyber Security Assessment Manager
Taguig City, 00, PH, 1630
We’re JTI, Japan Tobacco International, and we believe in freedom.
We think that the possibilities are limitless when you’re free to choose. We’ve spent the last 20 years innovating and creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries, and how we’ve grown from 40 to 4,000+ employees in the Philippines since 2009.
But our business isn’t just business, our business is our people. Their talent. Their potential. We believe that when they’re free to be themselves, to grow, travel and develop, amazing things can happen for our business. That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend, and why we’ve been recognized as INVESTORS IN PEOPLE in the Philippines
It’s the perfect moment for you to #JoinTheIdea. We’re opening our Global Business Service center in the heart of BGC Manila and looking for more than 300 bright minds to join a global multinational with an exciting start-up vibe.
Department: Cyber Security Center
Duty Post: Taguig City
Hiring Manager: Technical Security Center Director
Role: Permanent
CYBER SECURITY ASSESSMENT MANAGER
What is this role about?
The mission of the Technical Security Centre team is to provide security expertise and best practices to other IT functions by ensuring consistent and high security standards are applied in the development and ongoing evolution of the JTI IT infrastructure and business applications. The scope includes, but is not limited to, corporate network, workstations, servers, mobile devices, business applications, Internet and related IT services.
This position will be responsible for ensuring that all business critical IT applications are implemented in a secure manner and not vulnerable to internal and external threats.
The incumbent will be responsible for working closely with functional and technical teams globally supporting the application security assessment activities, performing controlled security assessment, code reviews and penetration testing. The incumbent will be responsible, in collaboration with the Technical Security Centre team, to produce technical security reports, present the results to the relevant stake-holders to achieve buy-in and corrective action commitment, and to follow-up on the required corrective actions.
He/She also works closely with other TSC colleagues to help review new technical solutions from a security assessment standpoint in accordance with the security and business requirements. The incumbent will be responsible, in collaboration with Technical Security Centre team, to establish and follow-up on security assessment requirements. The incumbent is responsible for staying abreast of evolving technology and keep management aware of new trends, technology and security industry best practices and how they could be incorporated as part of the global technical security strategy.
What will you do?
1) Cyber Security
- Accountable for ensuring that business solutions are secured against internal and external threats and hacking
- Conduct appropriate security assessments & Penetration Tests as required by the TSC team and follow up with IT teams on recommendations and corrective action implementation.
- Self position as subject matter expert and reference for security assessment activities.
2) Change / Service Request Management
- Ensure proper technical recommendations and effort analysis are provided in a timely manner, for all change and service requests related to security assessments assigned to him/her.
- Provide technical security expertise, ensure technical solutions follow best practice & JTI standards and are implemented accordingly.
3) Policies & Procedures
- Participate in the review and maintenance of policies, procedures, standards and guidelines in the area of responsibility
- Ensure policies, procedures, standards and guidelines are consistently applied in all solutions, projects and initiatives
4) Risk Control
- Deliver regular and consistent input and reports to support the JTI compliance, audit and risk control teams.
5) Cooperation & Communication
- Work in close cooperation with and provide necessary support to global and local IT teams (GDC, BTS, I&O) ensuring proper / frequent updates to TSC Team Members.
6) Operations & Incident Management
- Ensure that security operations aspects are taken into account when assessing or approving new solutions
- Provide expertise and help on troubleshooting complex cyber security and technical incidents in the area of responsibility
Who are we looking for?
- University degree in Computer Engineering, Software Development, Information Systems and relevant experience in IT, CISSP, CEH are a plus
- 3+ years of Pen Testing / Application, Network, System Security Assessment, Ethical Hacking
- Experience in the Application environment of an international corporation in a multicultural environment
- Specialist in security technologies. Web based security technology and complex Pen Testing is mandatory
- Experience with Acunetix, Burp Suite and other similar tools
- Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance.
- 1+ years of Project Management experience
- Technical background, structured approach, ability to work with internal and external providers, autonomous in his / her work
- Fluent English written and spoken
- Analytical/problem solving ability
- Strong verbal, written communication and presentation skills
- Excellent team player and communication skills.
- Analytical, organised and efficient.
- Sets priorities to meet objectives.
- Comfortable working in a fast paced and dynamic work environment
- Someone who can bring fresh ideas with a self-driving attitude.
What are the next steps - Recruitment Process:
- Thank you very much for applying!
- We will make sure to provide feedback on your application within 2 weeks after the application deadline
Job Segment:
Cyber Security, Corporate Security, Testing, Risk Management, Security Clearance, Security, Technology, Finance, Government