VBP

Cyber Governance, Risk and Compliance Specialist

VBP  •  Cebu City, PH (Onsite)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

of the Role

The Cyber Governance, Risk and Compliance (GRC) Specialist supports the organization's information security governance by managing security risks, maintaining the Information Security Management System (ISMS), managing & developing the Cyber awareness program, and ensuring compliance with applicable policies, standards, and regulatory requirements. The role also coordinates risk assessments, audits, governance reporting, and continuous improvement initiatives to strengthen the organization's overall security posture.

Responsibilities:

  • Support the implementation, maintenance, and continual improvement of the organization's Information Security Management System (ISMS).
  • Develop, review, and maintain information security policies, standards, procedures, and related governance documentation.
  • Conduct information security risk assessments, develop & maintain the Information Security Risk Register, and monitor the implementation of risk treatment plans.
  • Coordinate internal and external information security audits, track audit findings, and ensure timely remediation of identified issues.
  • Conduct information security due diligence and risk assessments for third-party vendors, suppliers, and service providers.
  • Prepare and present governance reports, risk metrics, compliance dashboards, and management reports for executive leadership and governance committees.
  • Monitor emerging cybersecurity risks, regulatory changes, and industry best practices, and recommend improvements to governance, risk management, and compliance processes.

Requirements

  • Minimum 5 years' experience in Information Security GRC, IT Risk, Information Security, IT Audit, or a related field.
  • Bachelor's degree in Information Security, Computer Science, Information Systems, Risk Management, or a related field. Relevant professional certifications such as CISSP, CISM, CRISC, ISO/IEC 27001 Lead Implementer or Lead Auditor, CISA, CGRC, or equivalent are highly desirable.
  • Demonstrated experience in developing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), preferably aligned with ISO/IEC 27001.
  • Knowledge of security governance frameworks and standards such as ISO/IEC 27001, ISO 31000, NIST Cybersecurity Framework (CSF), CIS Controls, and applicable data protection and privacy regulations.
  • Experience conducting information security risk assessments, facilitating risk treatment plans, and monitoring risk mitigation activities across the organization.
  • Working knowledge of cybersecurity technologies, security operations, and incident management sufficient to assess risks, review reports, and provide governance oversight.
  • Strong written and verbal communication skills, including the ability to prepare governance reports, policies, executive briefings, and presentations for senior management and governance committees.
  • High level of integrity, professionalism, and commitment to confidentiality and ethical conduct.

Benefits

  • 500K per incident HMO coverage + Dental & Optical benefits ​
  • 2-week paid Christmas vacation​
  • Electricity & Data subsidies​
  • 25K Educational Assistance ​
  • Training and equipment will be provided​
  • Fixed Schedule of Mon-Fri from 7 AM to 4 PM​
VBP

About VBP

Built for Advice Firms. Backed by Australian Leaders.

VBP isn’t just familiar with advice firms - we were built for them. Designed specifically for planners, accountants and brokers, we bring together a global delivery team with the backing of Australia’s most experienced financial services executives. The result: deep industry insight and execution you can trust.

As a certified B Corp and founding member of the EOAP, we meet the world’s highest standards for ethics, transparency and impact: so you can partner with a business that balances purpose with performance.

And when it comes to protecting your business, security isn’t optional. We’re ISO 27001 certified, the global gold standard for information security. Our systems and processes safeguard your data, comply with Australian privacy laws and give you complete peace of mind. Because with VBP, security comes standard.

Industry
Finance & Insurance
Company Size
1,001-5,000 employees
Headquarters
Sydney, AU
Year Founded
2013
Website
vbp.au
Social Media