
Senior Security Analyst

Manila, Philippines

Most companies claim to have the best people. We say to them, "Keep dreaming." Our people are second to none. They set us apart with their entrepreneurial spirit and ambition. They come to us from the likes of Amazon, Microsoft, Nordstrom, Starbucks and the sports world, bringing energy, bold ideas and a willingness to dive into the unfamiliar. It's our people that make BDA the top global Merchandise Agency to work for.

Job Summary
This position works directly with the Director of Information Security and Compliance and is responsible for performing 3rd party audits and risk and security assessments for vendors, contractors, and customers. Ensures that IT security and risk-based practices are applied to systems, devices, applications, databases, and personnel roles as required for regulatory compliance. Example systems include but are not limited to monitoring systems, early anomaly detection and response, MFA, IDS/IPS, Security Information & Event Management (SIEM), data loss prevention (DLP), vulnerability management, cloud environment controls, and user activity. Responsible for assisting in the development, deployment, and maintenance of corporate information security strategy. In the event of an IT security incident or breach, this candidate will assist on the IT Security Incident Response Team.

DUTIES AND RESPONSIBILITIES
Information Security Management:
•    Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our information systems.
•    Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats.
•    Monitor security events and incidents, analyze security logs, and respond to security breaches promptly.
•    Assist in the development and enforcement of security policies, procedures, and guidelines.
•    Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices.
•    Stay up-to-date with the latest security technologies, trends, and best practices to continually improve our security posture.
Compliance and Regulation:
•    Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).
•    Conduct compliance assessments and audits to validate adherence to security standards and requirements.
•    Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.
•    Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.
•    Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.
Risk Assessment and Mitigation:
•    Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.
•    Develop risk mitigation strategies and recommendations to enhance overall security posture.
•    Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.
Training and Awareness:
•    Conduct security awareness training sessions for employees to promote a security-conscious culture.
•    Educate staff on security policies, best practices, and procedures to reduce human-related security risks.
Incident Response and Forensics:
•    Participate in incident response activities and support investigations into security incidents.
•    Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.

JOB SKILLS AND TRAITS
•    Experience in privacy management and regulation (GDPR, CPRA, CCPA, etc.).
•    Experience with AWS and Azure Cloud.
•    Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.
•    Experience with hardening standards for servers, desktops, laptops, networking devices.
•    Experience with Pen Tests and Vulnerability Scans. 
•    Understanding of malware, network threats, attack vectors, incident response.
•    Information security issues in an open, highly distributed networked environment.
•    Enterprise Intrusion Prevention Systems.
•    The secure use and system administration of desktop and server operating systems.
•    Internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML.
•    Database technologies such as Elasticsearch, SQL, or Oracle.
•    Identification and authentication technologies.
•    Knowledge of cloud, container-based and virtualization architectures.
•    Encryption techniques, algorithms, and approaches.
Desired:
•    Higher education or government agency information security experience
•    Experience handling and protecting information at a variety of sensitivity levels
•    Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST
•    Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc., a plus

QUALIFICATIONS

•    5+ years' experience in cybersecurity or information security
•    Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.
•    Proven experience in information security, compliance, or a related field.
•    Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.
•    Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, etc.).
•    Understanding of risk assessment methodologies and risk management practices.
•    Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.
•    Excellent analytical and problem-solving skills with attention to detail.
•    Effective communication and collaboration skills to work with cross-functional teams.
•    Ability to stay abreast of industry trends and emerging security threats.

BDA is more than a workplace - it’s a family. For more than four decades we’ve promoted a vibrant and welcoming culture that not only accepts but demands that you be different. The quirky, the bold, the creative and the unique make up the foundation of a company that the most iconic brands in the world look to for help telling their story through the power of merchandise.
