*Preferred position location: Manila, Philippines. Other locations to be determined by home country of successful candidate in Malaysia and South Africa.
*Please submit your CV in English.
PURPOSE OF THE POSITION:
Individuals working as an IT Security Analyst II are responsible for working on security issues for one or more functional areas (e.g., data, systems, network and/or Web) across the enterprise, develop security processes for medium to complex assignments, work on multiple projects as a team member and lead systems-related security components. They provide expertise and assistance to all World Vision offices to ensure the that security incidents and security problems are resolved.
Individuals within the IT Security job family plan, execute, and manage multi-faceted projects related to compliance management, risk assessment and mitigation, control assurance, business continuity and disaster recovery, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization.
Individuals develop, execute and manage data, system, network and internet security strategies and solutions within a business area and across the enterprise. They develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines. To guide enforcement of security policies and procedures, they administer and monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. IT Security
professionals evaluate and recommend security products, services and/or procedures. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
IT Security professionals require strong technical, analytical, communication and consulting skills with knowledge of IT Security and related technologies. Security certifications (i.e., Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manage (CISM), and/or other certifications) may be required.
Policies, Procedures & Standars:
Maintains an up-to-date understanding of industry best practices.
Develops, enhances and implements enterprise-wide security policies, procedures and standards.
Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
Monitors compliance with security policies, standards, guidelines and procedures.
Ensures security compliance with legal and regulatory standards.
Participates with the project team(s) to gather a full understanding of project scope and business requirements.
Works with customers to identify security requirements using methods that may include risk and business impact assessments.
Studies current and proposed security processes to determine impact of security measures on business goals.
Participates in designing secure incident management and threat management solutions.
Works directly with the customers and other internal departments and organizations to facilitate threat management processes and to identify potential incidents.
Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.
Creates, disseminates and updates documentation of identified threats and controls.
Reports on significant threats and vulnerabilities.
Develops plans to achieve security requirements and address identified threats.
Follows up on problems identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
Incident Management and Problem Management:
Consults with clients on the incident management and problem management practices.
Provides security support to ensure that security issues are addressed throughout the project life cycle.
Performs control and vulnerability assessments.
Provides responsive support for problems found during normal working hours as well as outside normal working hours.
Identifies and resolves root causes of security-related problems.
Responds to security incidents, conducts forensic investigations and targets reviews of suspect areas.
Works with teams to resolve issues that are uncovered by various internal and 3rd party monitoring tools.
Business Continuity/Disaster Recovery:
Coordinates the development of disaster recovery test plans, testing, and documentation for each application.
Engages application and systems management in disaster recovery testing, objectives and auditing.
Participates in recovery drills.
Security Performance Management:
Analyzes reports and makes recommendations for improvements.
Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project.
Interfaces regularly with staff from various departments communicating security issues and responding to requests for assistance and information.
Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Works with third party vendors during problem resolutions.
Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.
Performs application security risk assessments for new or updated internal or third party applications.
Evaluates and recommends hardware and software systems that provide security functions.
Assists in the development of security awareness and compliance training programs.
Provides communication and training as needed.
May guide users on the usage and administration of security tools that control and monitor information security.
Mentors less experienced team members.
KNOWLEDGE, SKILLS AND ABILITIES:
Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
Requires knowledge of security issues, techniques and implications across all existing computer platforms.
Typically has 3-5 years of combined IT and security work experience with a broad range of exposure to cybersecurity, data protection, threat management and risk management and 2 - 3 years of experience with incident management and data
Willingness and ability to travel domestically and internationally, as necessary.
Work experience in creating knowledge base articles.
Work experience in writing incident reports and service level reports.
Work experience in performing Threat, Vulnerability and Risk Assessment.
Work experience in Event Management.
Work experience in Incident Management.
Work experience in Problem Management.
Effective in written and verbal communication in English.
Effective in report writing and data analytics.
Preferred Skills, Knowledge and Experience:
Threat Management experience.
Incident Management experience.
The position requires ability and willingness to travel domestically and internationally up to 20% of the time.