IT Security Specialist - Hybrid
An IT Security Specialist in the Philippines takes responsibility for overseeing and controlling all aspects of computer security in a business. The role entails planning and carrying out security measures that will protect a business’s data and information from deliberate attack, unauthorised access, corruption, and theft. This role works alongside the local IT Support team to provide IT technical support to over 50 networked users across multiple sites, providing IT management support and cover as required.
Working hours (to cover the US), options: 9pm - 6am PH; 10pm - 7am PH; or 12am - 9am PH
- Execute and maintain a strategy to ensure proper and efficient handling of audits, external assessments, and assurance processes including, but not limited to, ISO27001, SOC2, NIST, and CUI/CMMC
- Work as part of a team responsible for the implementation of information security requirements, policies, standards, guidelines, and procedures
- Develop tools, benchmarks, and metrics to ensure that development and engineering teams are adhering to security requirements for all aspects of product development, maintenance, and support
- Evaluate and respond to emerging security issues. Evaluate capability risks/gaps and take and/or coordinate action to meet objectives.
- Manage and perform third-party/supplier vendor security assessments.
- Perform security compliance monitoring. Participate in the creation of security policies, audits, and assessments.
- Design and implement Data Loss Prevention (DLP) environments and respond to the alerts generated by the tool
- Audit and suggest cloud (AWS, GCP and Alibaba) and web application security controls.
- Carry out regular tests that simulate attacks to identify areas where the company is vulnerable and ways in which its systems might be exploited by hackers and viruses.
- Prepare and create regular reports to document any process changes, improvements made, and security breaches that caused damage to the company.
- Monitor and analyze logs, help in implementing SIEM, and reduce false positives
- Provide support in IT security-related projects such as secure configuration and application authorization, to name a few.
- Create IT security awareness documents and materials organization-wide.
- Act as an intermediary between Engineering and Product teams for any security-related tasks and projects.
Required Knowledge, Skills and Abilities
- Experience with and/or certification in cybersecurity frameworks (HIPAA, ISO IEC 27001/27002, ISO 27701, SOC2, GDPR, NIST Cybersecurity Framework (CSF), NIST+)
- Strong strategic thinking skills to support global projects. Must have the ability to look horizontally across global brands in addition to supporting individual (vertical) business areas.
- Experience with vulnerability management, patch management, and configuration management best practices
- Ability to adapt, contribute to, and deliver the Group’s security awareness program in the region, with workshops and other media, aimed at business teams, executives, and IT teams
- Experience identifying and responding to potential threats and risks in a 24/7/365 IT environment.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Excellent communication skills, including an ability to present information clearly and concisely, in writing or verbally, to a wide audience including clients and managers; effective use of active listening skills
- Independent, motivated self-starter who can establish a course of action for self and others while driving initiatives to completion
- Proven analytical skills including the ability to proactively identify problems, gather information and set the course of action.
- A willingness to work flexible hours as per business requirements.
Qualifications and Experience
- A bachelor’s degree in a relevant field of study (i.e., Computer Science) is preferred.
- A minimum of 8 years of IT experience, with 4-6 years in a relevant information security role
- Preferred industry qualifications - CISSP
- Training or certifications from ISACA or ISC2 (good to have) – CISM / CRISC / CISA / CCSP
- Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies.
If this resonates with you, or if you feel like you would excel in the role, apply now!
Appen is a global leader in the development of high-quality, human-annotated datasets for machine learning and artificial intelligence. Appen brings over 20 years of experience capturing and enriching a wide variety of data types including speech, text, image and video. With deep expertise in more than 180 languages and access to a global crowd of over 1 million skilled contractors, Appen partners with technology, automotive and eCommerce companies — as well as governments worldwide — to help them develop, enhance and use products that rely on natural languages and machine learning.
At Appen, we value performance, honesty, humility, and grit. We persevere and remain focused, whilst maintaining agility to achieve quality outcomes and exceed expectations. We’re truth tellers – respectfully of course. We take accountability for our actions and believe in giving and receiving direct feedback. We give credit where credit is due and show gratitude to others for their contributions. We seek diverse perspectives as we recognize the value in teamwork and collaboration. Through grit, we take ownership, and we don’t give up.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.