Information Security Analyst, Subject Matter Expert
Umpisa Inc
full-time
Posted on:
Location Type: Hybrid
Location: Pasig • Philippines
Visit company websiteExplore more
About the role
- The Information Security Analyst (SME) is responsible for protecting the organization’s information assets by designing, implementing, and maintaining security controls, policies, and best practices. As a Subject Matter Expert, this role provides hands-on technical expertise, risk assessment, and advisory support across the business, ensuring compliance with security standards while enabling secure business operations.
- Compliance Monitoring: Support the implementation and monitoring of security policies to ensure compliance with applicable laws, regulations, and industry standards (e.g. ISO 27001, NIST)
- Participate in internal, external or regulatory audits as required.
- Other work or projects as assigned.
Requirements
- Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity
- Strong communication skills
- Strong problem solving and analytical skills
- Excellent problem-solving ability
- Minimum Requirements:
- - Bachelor’s degree in Information Security, Computer Science, IT, or a related field (or equivalent experience)
- - at least 5 years of experience in information security, cybersecurity, or IT risk roles
- - Strong understanding of:
- - Information security principles and frameworks
- - Risk assessment and vulnerability management
- - Identity and access management (IAM)
- - Data protection and privacy concepts
- - Experience working in a hands-on, SME or fast-growing organization
- - Experience communicating policies and compliance requirements with both technical and non-technical audiences at various levels in the organization.
- - Good experience in establishing and performing policy, standard and procedure assessment in a cloud-based environment, technologies, and services.
- - Good experience defining, revising, and implementing corporate information security policies, standards, processes, guideline, and related regulatory expectations.
- - Familiarity with various industry frameworks and requirements including NIST framework, ISO 27001, PCI DSS, SOC 2, etc.
- - Passionate in ensuring the confidentiality, integrity, and availability of our critical assets and contributing to our organization's information security initiatives by applying your knowledge and attention to details.
- - Able to work and communicate well with different stakeholders.
- - Remains composed when decisions have to be made quickly.
- Preferred:
- - Relevant certifications (any of the following):
- - CISSP, CISM, CISA
- - ISO 27001 Lead Implementer / Auditor
- - Security+, CEH, or equivalent
- - Experience with cloud security (AWS, Azure, or GCP)
- - Familiarity with security tools (SIEM, endpoint security, vulnerability scanners)
- - Good understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
- - Good understanding of security risk and compliance assessment, process, and procedures
- - Good to have Cybersecurity Fundamental certifications such as CompTIA Security+, ISC, etc.
- - Able to develop and implement new and improved ways of doing work; encourage staff and guide organization and foster a positive security behavior and posture.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
information securitycybersecurityrisk assessmentvulnerability managementidentity and access managementdata protectioncloud securitysecurity policiescompliance requirementssecurity frameworks
Soft skills
communication skillsproblem solvinganalytical skillsattention to detailstakeholder engagementdecision makingteam collaborationadaptabilityleadershiporganizational skills
Certifications
CISSPCISMCISAISO 27001 Lead ImplementerISO 27001 AuditorSecurity+CEHCompTIA Security+ISCCybersecurity Fundamentals