Information Security Analyst Subject Matter Expert (SME)

At Umpisa Inc., our mission is to make the Philippines be known globally as a tech hub. 

Umpisa Inc. is a progressive technology services company that partners with select industries, clients and people to work on pioneering and industry-changing solutions via digital transformation, modern software development and venture building.

We create a set of world-class and impactful products and solutions to help organizations and individuals live better lives. We offer demanding, challenging and rewarding careers in software development, product development, emerging technologies, and more for the right candidates.

As Information Security Analyst, you will:

• The Information Security Analyst (SME) is responsible for protecting the organization’s information assets by designing, implementing, and maintaining security controls, policies, and best practices. As a Subject Matter Expert, this role provides hands-on technical expertise, risk assessment, and advisory support across the business, ensuring compliance with security standards while enabling secure business operations.
• Compliance Monitoring: Support the implementation and monitoring of security policies to ensure compliance with applicable laws, regulations, and industry standards (e.g. ISO 27001, NIST)
• Participate in internal, external or regulatory audits as required. 
• Other work or projects as assigned.

Requirements

Essential Skills:

• Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity
• Strong communication skills
• Strong problem solving and analytical skills
• Excellent problem-solving ability

Key Responsibilities

Security Operations & Risk Management

• Act as the organization’s Subject Matter Expert on information security concepts, risks, and controls
• Identify, assess, and manage information security risks across systems, applications, and processes
• Monitor security events, incidents, and alerts; investigate and coordinate remediation actions
• Conduct regular vulnerability assessments and support penetration testing activities

Policy, Governance & Compliance

• Develop, review, and maintain information security policies, standards, and procedures
• Ensure alignment with industry standards (e.g., ISO 27001, NIST, SOC 2, or equivalent)
• Support internal and external audits, client security assessments, and compliance requirements
• Provide security guidance for data protection, access management, and secure handling of information

Advisory & Enablement

• Serve as a trusted security advisor to IT, Engineering, HR, and Business teams
• Review system designs, architecture, and changes to ensure security-by-design principles
• Support third-party risk assessments and vendor security reviews
• Translate complex security concepts into clear, actionable guidance for non-technical stakeholders

Awareness & Continuous Improvement

• Lead or support information security awareness and training programs
• Stay current with emerging threats, vulnerabilities, and security best practices
• Recommend and implement improvements to tools, processes, and controls

Minimum Requirements:

• Bachelor’s degree in Information Security, Computer Science, IT, or a related field (or equivalent experience)
• at least 5 years of experience in information security, cybersecurity, or IT risk roles
• Strong understanding of:
• Information security principles and frameworks
• Risk assessment and vulnerability management
• Identity and access management (IAM)
• Data protection and privacy concepts
• Experience working in a hands-on, SME or fast-growing organization
• Experience communicating policies and compliance requirements with both technical and non-technical audiences at various levels in the organization.
• Good experience in establishing and performing policy, standard and procedure assessment in a cloud-based environment, technologies, and services.
• Good experience defining, revising, and implementing corporate information security policies, standards, processes, guideline, and related regulatory expectations.
• Familiarity with various industry frameworks and requirements including NIST framework, ISO 27001, PCI DSS, SOC 2, etc.
• Passionate in ensuring the confidentiality, integrity, and availability of our critical assets and contributing to our organization's information security initiatives by applying your knowledge and attention to details.
• Able to work and communicate well with different stakeholders. 
• Remains composed when decisions have to be made quickly.

Preferred:

• Relevant certifications (any of the following):
• CISSP, CISM, CISA
• ISO 27001 Lead Implementer / Auditor
• Security+, CEH, or equivalent
• Experience with cloud security (AWS, Azure, or GCP)
• Familiarity with security tools (SIEM, endpoint security, vulnerability scanners)
• Good understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
• Good understanding of security risk and compliance assessment, process, and procedures
• Good to have Cybersecurity Fundamental certifications such as CompTIA Security+, ISC, etc
• Able to develop and implement new and improved ways of doing work; encourage staff and guide organization and foster a positive security behavior and posture.