GENERAL RESPONSIBILITIES Perform risk assessment for in-flight projects and identify potential risks and make recommendations to address the risks and ensure compliance with cybersecurity standards and best practices. Collaborate with project managers, proponents, and members of the project team on the security requirements and risk mitigation strategies. Ensure timely response and delivery of quality security assessment reports Monitor, track and report (SLOs) Service Level Objectives Track risk mitigation completion performed by the project members Facilitate risk acceptance review and approval process of security requirements that cannot be implemented or complied in time for production. Keep abreast on emerging threats and vulnerabilities to evaluate potential risks applicable to the organization. Provide mentorship, guidance and supervision to a pool of Risk Assessment analysts. Continuous improvement on risk assessment processes Provide support requirements for the assessment and implementation of risk management tools ex: GRC (Governance, Risk, and Compliance), Risk Assessment and Third Party Risk Management Tools, etc. TECHNICAL COMPETENCIES Knowledge in operating systems and networking Knowledge in cloud environment is desirable. Knowledgeable on IT security domains based on industry standards ex: NIST Cybersecurity Framework, ISO 270001/2, CIS (Center for Internet Security), etc. Risk based approach and methodology on security assessments Some experience in project management Basic understanding of threat modeling ex: STRIDE and similar QUALIFICATIONS Bachelors degree in Computer Science, Engineering, Information Technology, etc. or Accountancy Four to five years work experience in Security Risk Management, IT (Information Technology) Technical Audit, or IT (Information Technology) Security and Solutioning Has excellent verbal and written communication skills. Has good presentation skill. Exhibits critical thinking. Strong leadership skills Any relevant Cyber Security certifications is preferred ex: CISSP, CISM, CISA, CRISC, ISO27000, and similar. Other relevant technical certification would also be an advantage