Risk Management Associate
VBP · Remote, Cebu, Philippines
About The Role
Overview of the Role
The Risk Management Associate coordinates and executes daily tasks supporting the organisation’s Enterprise Risk Management (ERM) framework, Information Security Management System (ISMS), and compliance programs.
This junior-to-mid-level role bridges the gap between administration and risk analysis by helping operational teams maintain accurate risk registers, collating audit evidence, and reviewing change requests. Through proactive tracking and structured reporting, the Associate ensures the organisation remains continuously aligned with ISO 27001, ISO 31000, SOC 2, and NIST standards.
Major Responsibilities
Risk Assessment & Tracking
- Identify, assess, and monitor operational, security, regulatory, and strategic risks.
- Conduct initial reviews of risk assessments.
- Maintain, update, and quality-check the corporate risk registers [ISO 31000].
- Monitor risk treatment plans and controls, and follow up with owners on remediation progress.
- Analyse risk data to help prepare dashboards for executive leadership.
- Facilitate baseline risk assessment of workflows with operational business units.
- Prepare and coordinate risk reporting for executive leadership and regulatory bodies.
- Assist in coordinating and tracking the implementation of controls identified during risk assessment.
Audit Coordination & Evidence Gathering
- Serve as one of the points of contact for internal and external audit logistics.
- Collate, verify, and organise evidence files for internal audit, ISO 27001, ISO 22301 and SOC 2 audits.
- Track audit findings, log corrective actions, and escalate overdue items.
ISMS & Security Control Support
- Support day-to-day maintenance of ISMS and BCMS processes to protect ISO 27001 and ISO 22301 certification.
- Review, update, and distribute information security policies and procedures.
- Manage the information asset inventory and verify asset ownership logs.
- Coordinate and track mandatory employee security awareness training completion.
Incident Response & Change Management Governance
- Log security and operational incidents and track post-incident remediation tasks.
- Assist in organising data and drafting reports for risk assessments and post-incident reviews.
- Evaluate routine operational change requests for completeness and risk impact.
- Verify that proper approval workflows and audit trails are maintained for changes.
Compliance & Governance
- Prepare documentation and responses for regulatory inquiries, client due diligence, or third-party assessments.
- Produce periodic reports on risks, incidents, audit status, ISMS performance, and compliance metrics.
- Support preparation of Board, Audit Committee, and Risk Committee materials.
- Maintain dashboards and performance indicators to measure the effectiveness of risk and security programs.
Training, Awareness & Stakeholder Engagement
- Conduct training aligned with Risk, Compliance & Regulatory Affairs (RCRA) requirements.
- Deliver BCMS, emergency response, and information security training across the organisation.
- Assist in communicating policy updates, awareness campaigns, and readiness activities.
- Assist in facilitating workshops with process owners to improve recovery strategies, risk controls, and security posture.
- Carry out tasks as delegated by the immediate head/SLT.
Requirements
- Minimum of 2–4 years of experience in risk management, compliance, IT audit, or information security.
- Bachelor’s degree in Industrial Engineering, Information Security, IT, or related field.
- Experience in risk management, information security, compliance, or internal audit.
- Understanding of ISO 27001 and audit methodologies.
- Practical understanding of risk frameworks (ISO 31000, NIST) and strategies.
- Experience in coordinating incident response and internal audit activities.
- Familiarity with disaster recovery, business continuity, infrastructure dependencies, and operational risks.
- Experience in documentation for management systems (policies, SOPs, process diagrams, IR guides, audit evidence, etc.).
- Good analytical skills with the ability to interpret risks, evaluate controls, and drive improvements.
- Ability to work independently and collaboratively with cross-functional teams.
- Strong communication, presentation, stakeholder engagement, and organisational skills.
- Ability to remain calm and effective under pressure.
- High attention to detail, strong ethics, and professional integrity.
- Results-driven mindset with strong business acumen.
Benefits
- 500K per incident HMO coverage + Dental & Optical benefits
- 2-week paid Christmas vacation
- Electricity & Data subsidies
- 25K Educational Assistance
- Training and equipment will be provided
- Fixed Schedule of Mon-Fri from 7 AM to 4 PM
ABOUT US
VBP is an Australian company with operations in the Philippines that provides business growth, consulting, and delivery capabilities to more than 260 of the most innovative and disruptive financial services firms across Australia.
Our consulting-led approach leverages services in strategy, process improvement, intelligent automation, data analytics, and operations. We specialise in supporting financial firms, accounting practices, and mortgage brokers.
HOW WE STARTED
In 2013, VBP embarked on a visionary journey to transform how advice is delivered in Australia. From humble beginnings, we steadily evolved and embraced an open book management system by adopting the Great Game of Business in February 2021, and in the same year, we secured our first Great Place To Work certification.
Expanding our reach became a defining theme in our journey. In July 2022, we proudly celebrated the achievement of 1000 dedicated Team Members.
We have offices in Cebu and in Cagayan de Oro, with our third and newest office launched in August 2023 at JEG Tower. 2023 marks a pivotal moment for our business as we completed the strategic acquisition of Elixir Consulting, strengthening our position in the Australian Consulting space and supporting our expanded service offering. We also won our GGOB Healthy Company Award, maintained our GPTW certification and ISO certification, and became a certified B Corporation.
These milestones reflect not only our commitment to growth but also the vibrant community we’ve fostered, laying the foundation for a remarkable legacy as expert growth partners for Australian financial services firms.
WHAT WE OFFER
We have a deep understanding of the everyday challenges and insights into the strengths of enterprises we encounter. At VBP, we specialise in enhancing operational efficiencies and addressing cost-to-serve challenges for financial services firms. Our focus revolves around four key services:
- Accounting, Bookkeeping, and Report Management
- Financial Planning Assistance
- Mortgage Broking Assistance
- Paraplanning
In addition to these core services, we offer tailored business consulting services to optimise back-office operations across these four critical areas. With its offers and services, VBP aims to streamline Australian financial service firms’ operations and elevate their business to the next level.
To learn more about us, visit http://vbp.au.
Let's connect!
This listing was posted by a verified recruiter at VBP.
JobSpring