Managing Security Consultant

Manila City, Metro Manila
Permanent
Full-time

11 days ago

Managing Security ConsultantDepartment: Cyber Services and CapabilitiesEmployment Type: Full TimeLocation: PHL ManilaDescriptionWhy this role?Do you enjoy helping organisations understand, secure, and strengthen their supply chains against modern security threats? At NCC Group, you'll help clients manage risk beyond their own perimeter, across suppliers, partners, vendors, and critical service providers.You'll work at the intersection of cyber security, risk management, and operational resilience, supporting organisations as they respond to increasing regulatory scrutiny, geopolitical risk, and complex third-party ecosystems. This is high-impact consulting work that blends strategic advisory, governance, and practical security improvement across supply chains.Responsibilities

Assess supply chain security risk: Conduct third-party and supply chain security assessments, identifying systemic risks across vendors, service providers, and technology dependencies.
Design supply chain security frameworks: Develop and implement supply chain security strategies aligned to standards such as NIST CSF, NIST 800-161, ISO 27036, ISO 28000, and emerging regulatory requirements.
Strengthen third-party risk management: Support the design and improvement of third-party risk management (TPRM) programmes, including due diligence, onboarding, assurance, and ongoing monitoring.
Advise on secure supplier engagement: Help clients embed security requirements into procurement processes, contracts, supplier assurance models, and service-level agreements.
Analyse concentration and dependency risk: Identify critical supplier dependencies, single points of failure, and cascading risk across complex supply networks.
Test and validate controls: Support scenario-based exercises, tabletop simulations, and risk walkthroughs focused on supplier compromise, service disruption, or geopolitical impact.
Engage senior stakeholders: Translate technical and operational findings into clear, business-relevant insights for executives, boards, and risk committees.
Collaborate across disciplines: Work alongside cyber security, resilience, legal, procurement, and operational teams to deliver integrated supply chain security outcomes.
Mentor and contribute: Coach junior consultants and contribute to reusable methodologies, assessment tools, and thought leadership in supply chain security.

A week in the life (example)Monday: Run a supply chain risk workshop with a critical infrastructure client, mapping supplier dependencies and risk concentration.Tuesday: Perform a third-party security assessment for a strategic technology provider.Wednesday: Design a supply chain security framework aligned to regulatory expectations and client risk appetite.Thursday: Facilitate a tabletop exercise simulating supplier compromise and downstream business impact.Friday: Present findings and prioritised recommendations to senior stakeholders and agree next steps.How we work

Pragmatic > performative. We focus on achievable, sustainable resilience rather than perfection on paper.
Collaborative by default. You'll work alongside cyber, continuity, and risk experts across NCC Group's global network.
Curious mindset. Research time, labs, and thought leadership contributions are part of our rhythm.
Inclusive and flexible. We value diversity of thought and support hybrid working that fits your life.

Skills, Knowledge & ExpertiseWhat you'll bring

Strong experience in supply chain security, third-party risk, or operational risk consulting, ideally in complex enterprise environments
Practical understanding of vendor risk, supplier assurance, and ecosystem-level security threats
Familiarity with relevant standards and frameworks such as:
NIST SP 800-161 (Supply Chain Risk Management)
ISO 27036 (ICT Supply Chain Security)
ISO 28000 (Supply Chain Security Management)
NIST CSF, ISO 27001 (as applied to third parties)
Ability to engage confidently with technical teams, procurement, legal, risk functions, and executive leadership
Experience conducting risk assessments, workshops, or assurance activities with third parties
Strong written and verbal communication skills, able to produce concise reports and deliver clear recommendations

Nice-to-haves

Experience with regulatory and compliance drivers (e.g. DORA, NIS2, SOCI, critical infrastructure regulations)
Understanding of software supply chain security (e.g. SBOMs, secure development, open-source risk)
Exposure to geopolitical risk, sanctions, or operational resilience
Certifications such as:
CISSP, CISM, CRISC
ISO 27001 / 27036 Lead Implementer or Auditor
Supply chain or risk-related certifications

Job BenefitsWhat do we offer in return?We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:

Flexible Working: Balance your work and personal life with our flexible working options.
Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
Medicash & Critical Illness Scheme
Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.

NCC Group

Apply Now