Information Protection Advisor
Fully Onsite
Job Code: REQ-024007
Sagility
Quezon City
Job Details
About Sagility
Sagility combines industry-leading technology and transformation-driven BPM services with decades of healthcare domain expertise to help clients draw closer to their members. The company optimizes the entire member/patient experience through service offerings for clinical, case management, member engagement, provider solutions, payment integrity, claims cost containment, and analytics. Sagility has more than 25,000 employees across 5 countries.
The individual will play a key role in enhancing the organization's cyber resilience by proactively managing threats, vulnerabilities, and compliance obligations. Strong analytical skills, strategic thinking, and a deep understanding of cybersecurity principles are essential for success in this role.
Job Description:
- Understand the overall third-party landscape and accompanying strategy, and provide overall technical guidance, acting as a conduit between Cigna Information Protection, Technology and the business
- Perform critical vendor cyber security risk assessments to review complex technology and business risks related to vendors security controls/posture and determine acceptance to company framework of controls
- Perform on-site technical and non-technical risk and vulnerability assessments of systems, networks, applications and infrastructure; travel across different sites is required
- Liaise with key functional teams such as Technology, Legal, Privacy, BCP, Information Protection and relevant business stakeholders to perform third party security reviews on their new and existing vendors and identify risks that require remediation
- Perform comprehensive vendor security assessment, identify risk, determine appropriate risk levels, document risk in Archer GRC and recommend remediation or mitigation strategies to the business and/or technology teams
- Vendor Governance – partner at a regular frequency with vendors hosting or accessing our data to identify changes to their security posture, identify non-conformances to agreed-upon controls, and identify current threats to ensure they are taking the necessary steps to reduce exposure and risk
- Work with business and technology teams to ensure security controls are built into IT functional specifications using leading industry practices and company defined controls
- Drive relevant stakeholder participation in evaluation of risk and control effectiveness
- Maintain expertise on security trends through training, research, and development in order to mitigate potential security exposure
- Develop vendor “personas” that provide a profile of the vendor, including but not limited to an overview of the company, scope of services, statement of work (SOW), etc.
- Build trust with teams and stakeholders through open and honest conversation. Take action to ensure clarity and understanding of risk
Qualifications:
- Bachelor's degree or higher in management information systems, computer science or cyber security
- Possess expertise in multiple technologies and/or highly specialized areas
- Have a proven track record of technical thought leadership and influence with IT and business management – including working to influence Information Protection best practices and partnering on solutions, as appropriate
- Must demonstrate strong overall technical aptitude in areas including but not limited to end-user computing, networking, voice/contact center, etc.
- Effectively communicate complex technology models
- Demonstrate strong collaboration techniques to achieve a defined and common business purpose
- Minimum 4 years' experience performing Third-Party Risk Assessment within an Information Security, Information Technology or Operational Technology department
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA Certified in Risk and Information Systems Control (CRISC)
- Emerging technologies, such as Governance Risk and Compliance (GRC) technologies;
- Common third-party risk industry standards, regulations, and regulators (e.g. FFIEC, OCC, FRB, GDPR, HIPAA / HITECH, HKMA, PRA, APRA, JFSA, RBI, BaFin, CFPB, SEC etc.), especially as they relate to building a program and/or managing internal controls, risk assessments, business process or operational auditing; and,
- Principles and industry-leading practices in risk assessment, with an audit background including familiarity with SOC 1 (SSAE 16), SOC 2, ISO 27001, etc.
- Excellent analytical and problem-solving skills with the ability to “think outside the box”
- Excellent oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences
- Ability to influence and collaborate at all organizational levels
- Presentation skills, ability to prepare presentations, management reporting, and statistical analysis
- Ability to take initiative and work independently with minimal supervision in a structured environment
- Ability to work effectively in a virtual environment where key team members and partners are in various time zones and locations, and not always readily available
- Knowledge and understanding of risk assessment methodologies
- Strong organizational, multi-tasking, and prioritizing skills, with strong time management skills and the ability to meet deadlines in a fast-paced environment
- Experience communicating in both written and verbal formats with senior executive-level leaders, including the ability to articulate complex concepts in a clear manner
- Strong analytical skills with high attention to detail and accuracy