Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!
Key Responsibilities
Lead the design and execution of long-term initiatives to enhance the maturity of the Third-Party Security Management (TPSM) program.
Lead, mentor, and develop a team of security analysts, ensuring high-quality output
Identify process inefficiencies and lead optimization efforts to reduce assessment turnaround times without compromising risk standards.
Direct and lead TPSM Team cross-functional projects
Define and maintain the third-party security assessment framework, including risk tiering and criteria, assessment methodology, and reporting criteria.
Oversee the assessment and validation of third party security controls
Collaborate with Legal to negotiate security clauses and "right-to-audit" provisions in third-party contracts.
Manage escalations and third party security gaps to ensure alignment with company policies and global regulations (e.g., GDPR, NIST, ISO).
Implement processes for the ongoing surveillance of third party security postures
Lead the response to third-party security incidents, ensuring proper mitigation, breach notification compliance, and post-incident reporting.
Develop and present program metrics and risk indicators to senior leadership to inform risk-based decision-making.
Requirements:
Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or a related field.
Highly preferred: CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Auditor.
Minimum of 7 years in cybersecurity or information security.
Minimum of 4 years directly managing or performing third-party security risk assessments.
Proven experience leading a security team and managing enterprise-scale third party security risk programs.
Project management skills are a plus
Deep technical knowledge of NIST, ISO 27000 series, SOC 2, PCI DSS, and Cloud Security Alliance (CSA) standards.
Proficiency with TPRM and GRC platforms (e.g., OneTrust, Archer, ProcessUnity, or ServiceNow) and ticketing systems (e.g., JIRA).
Ability to explain complex technical risks to non-technical stakeholders and negotiate effectively with external partners.
Strong analytical skill and ability to leverage data and automation to scale risk assessment processes.
What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package