Who We Are

We are trusted, modern technology leaders in:

• Agile Software Development
• Quality Assurance
• Cloud Consulting and Managed Services
• Data Engineering and Analytics 
• Artificial Intelligence and Machine Learning

We use technology to enrich experiences, empower businesses, and uplift communities.

Our C.A.R.E. values:

• nourish Creativity
• embody Agility
• manifest Reliability
• pursue Evolution

The Role

A Security Analyst supports our continuous monitoring program as it relates to security reviews of our third party vendors. To be successful, we need someone who can complete security assessments of our existing vendors within several audit standards. This means having a standard security knowledge or training, an ability to quickly understand Block infrastructure and products, and the ability to deliver an audit final assessment of our vendors based on thorough research.

The Sourcing Security Assurance team at Block handles all incoming security reviews for our third party vendors, from software to professional services. The team also conducts continuous monitoring or due diligence of our existing vendors and is responsible for software governance for the entire company.

The Benefits

At Stratpoint, we enjoy the autonomy, lack of bureaucracy, and the freedom to experiment but without the chaos. We’re like a startup but with adult supervision.

You will be supported by capable management of HR, Finance and IT that adheres to the highest standards of integrity and good governance.

Hybrid is our mode of work, but when we need to come together, we have inviting open floor office spaces designed to spark gatherings, collaboration, and camaraderie.

Stratpoint employees enjoy:

• SSS, Pag-ibig and Philhealth benefits + company contribution
• a monthly miscellaneous allowance
• 13th month pay based on your monthly rate.
• Vacation and Sick leave
• Wellness programs such as Wellness Wednesdays
• HMO coverage
• Team buildings and quarterly events (company outings and festive celebrations for Chinese New Year, Valentines, Halloween and Christmas)
• And, friendly intramural competitions

Your Team

We are a team of young and eager adventurers. You will enjoy the collaboration of team members within the project and capability. You will also get the opportunity to work with external stakeholders in the successful completion of project objectives.

We work/You will work closely with our business partners, the household brands in technology, such as Amazon Web Services, Google Cloud, Microsoft and Outsystems.

Your Responsibilities

• Review vendor use and onboarding requests
• Establish vendor risk profiles based on information provided by the intake process
• Conduct comprehensive research and case investigations on use of the vendor across the Block enterprise
• Conduct due diligence assurance activities based on vendor risk profile, including reviewing independent third party audit reports, penetration test reports, risk assessments, internal audit reports, and other information security program assets
• Deliver work products supporting final risk decisions that are comprehensive and defensible to auditors
• Be able to ask stakeholders and external vendor personnel tough questions to drive to the correct, risk-based decision
• Work with a dynamic, fast-paced, and geographically-distributed team of experts

About You

You are/have: 

• An understanding of common security risks that a third party vendor, especially software, poses to a company
• Familiarity with SOC2, IS27001, NIST, PCI, etc.
• Strong knowledge of risk countermeasures and compensating controls
• Experience synthesizing information from disparate sources and driving any questions through resolution
• Ability to effectively project manage and prioritize a high volume of security reviews
• A thoughtful approach to technical analysis and ability to quickly assess new platforms
• Knowledge of ticketing systems, such as Jira, and the ability to learn new technologies or establish workarounds quickly
• Experience working in a remote team environment
• Has conducted vendor security assessments in the past
• Curiosity and interest in learning new technologies
• Experience in customer-facing roles and gaining cooperation across a diverse set of personnel

The requirements listed in this job description are guidelines, not hard and fast rules. You don’t have to satisfy every requirement or meet every qualification listed. If your skills are transferable and you are in the ballpark of what we are looking for, we encourage you to submit an application. We look forward to getting to know you more!