IT Security Analyst - Muntinlupa - ref. k5399303

Seeking an IT Security Analyst to help build and operationalize our security and governance functions from the ground up. You’ll work closely with IT leadership and existing SOC 2-focused staff to implement security controls, develop governance policies, and launch initiatives across areas like access control, data classification, AI policy, and risk management.

This is a high-impact role ideal for someone with hands-on experience in IT security operations or governance who is ready to take the next step in shaping how a growing, multi-state pharmaceutical company ensures compliance, security, and trust across its systems.

This position is a night shift position with a schedule of 9am EST - 6pm EST. Candidates must have experience with and have the ability to work a night shift schedule.

Key Responsibilities:

• Vulnerability Management: Coordinate scanning cycles, review findings, and track remediation efforts across infrastructure and applications.
• Identity & Access Management: Support access control reviews, provisioning/deprovisioning, least privilege enforcement, and MFA compliance.
• Penetration Testing: Coordinate external penetration tests; support scoping, logistics, response tracking, and reporting.
• SOC & Incident Response: Monitor SOC alerts, triage security incidents, and assist with incident response playbook execution and post-mortems.

• Perform third-party vendor risk assessments and ensure appropriate security contracts and due diligence are in place.
• Maintain an up-to-date risk register and support regular security reviews of business-critical platforms.

• Maintain compliance and security dashboards for executive visibility.
• Regularly report on control status, risk trends, vulnerabilities, and audit readiness.
• Collaborate cross-functionally to enforce consistent and secure practices.

Qualifications:

Required:

• 2–4 years of hands-on experience in security operations, compliance, or IT governance.
• Familiarity with frameworks such as SOC 2, NIST CSF, ISO 27001, or CIS Controls.
• Solid understanding of vulnerability management, IAM, and incident response.
• Strong communication, documentation, and collaboration skills across functions.
• Experience supporting or running security tools (EDR, SIEM, vulnerability scanners).

Preferred:

• Familiarity with Microsoft 365 admin/security center, Azure, NetSuite, Power BI, or EPCIS systems.
• Familiarity with Microsoft 365 security tools (e.g., Defender, Purview, Entra ID).
• Experience using tools such as CrowdStrike, Tenable, Okta, Splunk, or Sentinel.
• Relevant certifications (e.g., Security+, SSCP, GSEC, CISA, or equivalent).