Vulnerability Assessment & Management Head (Senior Officer)

Vulnerability Assessment & Management Head (Senior Officer)

Makati, NCR, Philippines Information Security & Data Protection Office

Job Openings Vulnerability Assessment & Management Head (Senior Officer)

About the job Vulnerability Assessment & Management Head (Senior Officer)

About the Job

Corporate Title : Senior Manager to Assistant Vice President

Work Arrangement: Hybrid

Our Information Security & Data Protection Office team is looking for experienced professionals to join us in Makati City with the role of Vulnerability Assessment & Management Head

In this role you will have to lead and advise on Information Security initiatives, overseeing a team to develop and execute cutting-edge vulnerability and threat management services across key assets. Manage a group of security professionals to conduct advanced testing and scanning methodologies, ensuring the security of systems, platforms, and applications within defined timelines.

Whether you're just starting out, or already a seasoned professional, EastWest can help you unleash your potential, and bridge the gap between dream to success.

At EastWest, we empower our employees to drive their careers and are committed to provide the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team, and a workplace that promotes development and goal attainment.

Over 29 years, EastWest has emerged as one of the most consumer-focused universal banks in the Philippines. EastWest is committed to continuously invest in people and in process, product, and service enhancements, and embrace new ideas to enhance the EastWest experience.

What the role will entail

• Manage the provision of team direction and establish individual goals and objectives to ensure the effective performance of the red team. Coach and mentor staff to foster their professional development and ensure their performance goals are met.
• Manage the execution of vulnerability assessment and penetration testing (VAPT) activities against a wide range of platforms, infrastructure, and applications. Oversee the identification and documentation of potential vulnerabilities to enhance the organization's cybersecurity posture.
• Ensure the inclusion of appropriate security controls in the design and development of new projects and/or key changes and the conduct of vetting processes to ensure adequate mitigation of vulnerabilities
• Manage the development and implementation of innovative testing methodologies, tactics, techniques, and procedures to ensure the red team remains ahead of evolving attacker techniques. Adapt and refine testing approaches to maintain the effectiveness of red teaming efforts in the face of emerging cybersecurity threats.
• Manage the preparation and delivery of comprehensive and well-documented reports highlighting identified vulnerabilities, including detailed mitigation strategies and recommendations for improvement. Present findings to stakeholders in a clear and concise manner to facilitate effective risk mitigation and enhancement of the organization's security posture.
• Develop, implement, and execute industry-leading vulnerability & threat management services, vulnerability remediation and patch management oversight across the enterprise.
• Manage risk-based vulnerability prioritization, reporting, and developing remediation steps
• Manage workshop processes and runbooks for vulnerability identification, analysis, remediation, and reporting
• Manage planning and execution of corporate vulnerability assessments and penetration testing engagements
• Analyze threat and vulnerability feeds and analyze data for applicability in the environment
• Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
• Manage executive-level reporting and maintenance of a threat database.
• Provide regular reports on the state of system security, threats, vulnerabilities, and patch management to all stakeholders.

What were looking for

• Bachelors Degree in either ICT, Computer Science, any related course
• Requires multiple Professional Security certifications (i.e. CISSP, CISM, etc.)
• Proven track record in PCI-DSS, ISO27001, NIST Cybersecurity Framework, Data Privacy program implementation experience
• At least 5 years work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or related role, ideally gained from the banking industry or similar environment
• Proficiency with VAPT tools such as Kali Linux, Tenable, Rapid 7, Metasploit, Burp Suite, Qualys, Nmap, etc.
• Must have experience in managing small to mid-size team, and demonstrable people leadership skills.
• Knowledge of vulnerability scanning, source code analysis, advanced network protocol manipulation, and custom penetration testing tool creation
• Strong understanding of Networking (TCP/IP, SSH, SFTP, VPN, Firewalls, Routers, etc.) and Server and workstation operating systems (Windows, Linux, etc.)
• Excellent verbal and technical writing communication skills.

What you can expect from joining our team

• Career development and training opportunities
• Competitive salary package and benefits
• Performance-based incentives and recognition programs to reward high-performing individuals
• Opportunity to work with industry experts and be mentored by them
• Defined career progression paths to guide you in your professional growth