Cyber Security Specialist

xpatjobs       |    Location:Quezon City , Metro Manila       |    Country:Philippines

About GoTyme GoTyme is a joint venture between the Gokongwei Group, one of the biggest conglomerates in the Philippines, and the Singapore-headquartered digital banking group Tyme. This venture combines the trusted Gokongwei brand, customer base, and distribution ecosystem with Tyme''s globally proven digital banking technology and hands-on experience building South Africa''s leading digital bank, TymeBank, which is one of the fastest-growing digital banks in the world today. At GoTyme, we have embarked on a journey to democratize financial services and bring next-level banking to the Philippines. We are seeking individuals who share our belief that the game is worth changing, to join our growing team of GoTymers as we build, launch, and scale a bank that empowers all Filipinos to navigate a path to financial freedom. About the role As a Cybersecurity Specialist, you will play a crucial role in ensuring the security and integrity of our organization''s information systems and data by continuously monitoring and improving the overall security posture of the Bank. You will be responsible for various aspects of cybersecurity, with a focus on Enterprise Security, AWS Cloud Security, Vulnerability Assessment and Penetration Testing (VAPT), Security Operations Centre (SOC) oversight, and security events review, monitoring, and response. This role also requires a good working knowledge in AWS cloud security and a strong understanding of cybersecurity best practices on the cloud in general as well as technical expertise and strategic thinking to protect the systems and data effectively. 1. AWS and Azure Cloud Security: Assist and collaborate with cloud engineering and security teams to ensure that end-to-end security requirements and compliance are met. Monitor and assess cloud infrastructure for security vulnerabilities, misconfigurations, and compliance with best practices. Deploy and manage AWS security tools and services, such as AWS Identity and Access Management (IAM), AWS CloudTrail, AWS Config, and AWS Security Hub. Perform random compliance check on the cloud security tools including policies implemented, contributing improvement of the cloud security posture and the protection of sensitive data. 2. Vulnerability Assessment and Penetration Testing (VAPT): Coordinate and work in parallel with Internal and External VAPT teams to validate the findings and the remediation plan. Track and monitor the VAPT findings & remediation status using the official tracker which will include the end-to-end SDLC process. Perform technical security check during pre-prod and post-prod deployment (SDLC process). 3. Security Monitoring: Monitor and create tickets for escalated events and be ready to respond, investigate and collaborate with other teams within the approved incident response SLA. This will also cover monitoring after office hours, weekends, and holidays. Monitor and validate security exceptions and alerts received from AWS security tools. Escalate to the Cyber Security Manager for confirmed incidents. Assist in the development, continuous improvement and maintenance of SOC procedures and playbooks. 4. Security Metrics Review, Monitoring, and Response: Collect, analyse, and report on security metrics/trends/observations, including key performance and risk indicators as part of monitoring and reporting the overall security posture of the Bank. Consolidate and analyse reports coming from threat intelligence sources especially those applicable to the Bank. Assist in the development and maintenance of regular security dashboards and reporting mechanisms. Respond to security incidents and breaches by following established incident response procedures. 5. Security Policy and Compliance: Assist in the development and maintenance of cybersecurity policies, standards, and procedures. Ensure compliance with relevant industry standards and regulations (e.g., ISO 27001, NIST, FFIEC, etc.). Participate in internal and external audits as needed. Consolidate evidence needed during audits (regulatory, internal, and external) and prepare presentations for the auditors. 6. Enterprise Security: Assess and enhance overall enterprise security posture. Assist in facilitating security awareness training program for employees. Collaborate with cross-functional teams to ensure security in integrated into all projects and processes. 7. Security Tool Testing and Deployment Assessment (pre-deployment & post-deployment) Perform security testing and security tool evaluation for future posture deployment to contribute to a proactive approach in adapting to evolving security challenges. Prepare reports on the results of the testing and identify areas of improvement. Must haves BS Degree in Computer Science, Information Security, Computer Engineering, or any related field Relevant industry security certifications (e.g., CISSP, CISM, AWS Certified Security Specialty, CompTIA Security+, etc.) are desired but not imperative. Relevant cloud certifi