Information Security Auditor  

I. Purpose

Support and manage audit projects and initiatives of MICTS and continuously develop and enhance Information Security knowledge and skills through the participation of upskilling activities and trainings appropriate to the position.

II. Duties and Responsibilities

• Support the audit team’s projects and initiatives and contribute to the attainment of set goals and established key metrics by helping team members in fulfilling tasks assigned.
• Develop one’s information security knowledge and build information security credentials by gaining the prescribed certifications. Immerse in groupinitiated activities that promotes soft skills development required for the role.
• Manage internal subprojects and/or external subprojects appropriately delegated by Lead.
• Provide recommendations for possible improvements and upgrades.
• Review or conduct audits of information technology (IT) programs and projects.
• Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.

III. Working Conditions

• No shifting schedule
• Main office is in Makati City, job may require you to travel to client’s offices for onsite activities.

A. Minimum Education

• Bachelor’s Degree of any Information Technology, Accounting or Engineering-related studies

B. Minimum Experience/Training

• Has experience in project and/or program management

• Certifications related to Information Security (Sec+, CEH, CCNA, CCNP, ISO27001 ,etc) is an advantage

• Strong familiarity with known Information Security standards, governance framework and regulations

C. Competency

• Must have good communication and presentation skills

• Must be assertive, confident, has critical thinking and good decision-making capabilities

• Knowledge of computer networking concepts and protocols, and network security methodologies.

• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

• Knowledge of cyber threats and vulnerabilities.

• Knowledge of industry-standard and organizationally accepted analysis principles and methods.

• Knowledge of Risk Management Framework (RMF) requirements.

• Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

• Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

• Ability to understand the basic concepts and issues related to cyber and its organizational impact.

• Ability to facilitate group discussions.

• Ability to prepare and present briefings.

• Ability to work across departments and business units to implement organization’s privacy principles and programs and align privacy objectives with security objectives.

• Ability to understand the basic concepts and issues related to cyber and its organizational impact.