IT Security Analyst - Quezon City

You’ll be collaborating with experts, driving impactful audits, and strengthening IT governance across multiple platforms.

The main responsibilities of a IT Security Analyst include:

Professional Experience:

• Conducted internal audits aligned with ISO/IEC 27001, NIST CSF, and COBIT frameworks.
• Assessed the effectiveness of security controls across infrastructure, applications, and cloud environments.
• Performed audits of data privacy compliance (e.g., GDPR, local data protection laws).

• Evaluated ITGCs across access management, change management, backup and recovery, and system operations.
• Reviewed user access provisioning, de-provisioning, and periodic access reviews.
• Audited change control processes for ERP systems, databases, and custom applications.

• Utilized ServiceNow GRC to manage audit workflows, control testing, and issue tracking.
• Created and maintained dashboards and reports for audit findings and remediation status.
• Collaborated with ServiceNow administrators to enhance audit automation and evidence collection.

• Participated in enterprise risk assessments and control gap analysis.
• Designed and executed test plans to evaluate the design and operating effectiveness of controls.
• Worked with control owners to define remediation plans and track closure.

• Presented audit findings to IT leadership and business stakeholders.
• Coordinated with cross-functional teams during audit planning, fieldwork, and follow-up.
• Prepared detailed audit reports with risk ratings, root cause analysis, and actionable recommendations.

To apply, you must be an expert on the following requirements:

Skills:

1. Internal Audit Methodology - Proficient in planning, executing, and reporting internal audits aligned with ISO/IEC 27001, NIST CSF, and COBIT frameworks.
2. IT General Controls (ITGC) Auditing - Skilled in evaluating access controls, change management, backup and recovery, and system operations.
3. Risk-Based Auditing - Ability to identify and assess risks, prioritize audit focus areas, and recommend mitigation strategies.
4. Control Testing & Evaluation - Experience in testing design and operating effectiveness of security and ITGC controls.
5. Compliance & Regulatory Knowledge - Familiar with data privacy laws (e.g., GDPR, local regulations), and corporate compliance requirements is an advantage.

It will also be favorable if you are knowledgeable in:

• Bachelor’s degree in any of these courses: Information Technology, Computer Science, Cybersecurity, Management Information Systems, or Accounting or Finance (with IT audit specialization)
• Any of the following certifications are added advantage:
• CISA (Certified Information Systems Auditor) – Highly recommended for ITGC and audit roles
• ISO/IEC 27001 Lead Auditor or Implementer – For auditing against ISO standards
• CRISC (Certified in Risk and Information Systems Control) – For risk-focused auditors
• CompTIA Security+ – Foundational cybersecurity knowledge
• ITIL Foundation – Useful for understanding IT service management, especially with ServiceNow
• ServiceNow Certified System Administrator or GRC Implementation Specialist – For hands-on ServiceNow experience