Overview:

The Controls Testing Specialist - IT & Cybersecurity is responsible for the planning, execution, and reporting of controls testing activities to ensure the effectiveness of IT and cybersecurity controls. This role focuses on validating that systems, processes, and technologies are operating as intended to mitigate risks and comply with relevant regulations and standards. The specialist will work closely with IT, Information Security, Data Governance and compliance teams to identify control gaps, assess vulnerabilities, and provide recommendations for remediation.

What you will be doing:

Compliance Testing Strategy:

• Assist in the development and implementation of a risk-based IT and cybersecurity controls testing strategy aligned with industry standards (e.g., ISO 27001, PCI DSS) and regulatory requirements (e.g., BSP Circulars related to IT Risk and Cybersecurity).
• Support in the design and updating of test plans based on risk assessments, vulnerability scans, penetration testing results, and changes in the threat landscape.

Testing & Monitoring:

• Execute comprehensive controls testing procedures for IT infrastructure, applications, data security, access controls, incident response, and other cybersecurity domains.
• Conduct technical assessments, including vulnerability scanning, configuration reviews, and log analysis, to identify control weaknesses and vulnerabilities.
• Evaluate the effectiveness of security tools and technologies, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems.
• Perform testing of business continuity and disaster recovery plans, with a focus on IT and cybersecurity aspects.
• Document test results and evidence, ensuring traceability and accuracy.

Reporting & Documentation:

• Prepare detailed controls testing reports, documenting findings, assessments, and recommended remediation actions.
• Present findings to IT, information security, and compliance teams, highlighting control deficiencies and potential risks.
• Maintain accurate and up-to-date documentation of testing procedures, results, and remediation plans.

Risk & Regulatory Awareness:

• Stay informed about emerging IT and cybersecurity threats, vulnerabilities, and regulatory changes.
• Assess the impact of new technologies and security trends on the organization's control environment.
• Ensure that testing activities comply with relevant regulatory requirements and industry standards.

Continuous Improvement:

• Collaborate with IT and information security teams to enhance the organization's control framework and testing processes.
• Implement lessons learned from past testing activities to improve future assessments.
• Contribute to the development and maintenance of security policies, standards, and procedures.

Stakeholder Engagement:

• Work closely with IT, information security, and compliance teams to coordinate testing activities and address identified issues.
• Support internal and external audits by providing evidence and explanations of controls testing results.
• Coordinate with Maya Philippines IT and information security teams for One Maya IT and Cybersecurity controls testing activities.

What we are looking for:

• Relevant certifications (e.g., CISSP, CISA, CEH, CompTIA Security+) are highly desirable.
• Minimum of 2–4 years of experience in IT and cybersecurity controls testing, audit, or risk management.
• Experience with security tools and technologies, such as vulnerability scanners, penetration testing tools, and SIEM systems.
• Knowledge of common operating systems, databases, and network protocols. Familiarity with AI is an advantage.

Please refer to job description.