CYBER RISK SPECIALIST Reports to the Head of IT an Cyber risk Job Responsibilities
Set-up internal second line of defense red team lab to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediations.
Manage the external red team exercise ensuring that noted risks are remediated and tracked.
Review and propose updates to cyber risk management and information security frameworks and policies on an annual basis at a minimum.
Enforce implementation of the cyber risk management and information security framework ensuring that key gaps and risks noted are well discussed, actioned and escalated.
Support is ensuring the architecting and creation of secure solutions for the cloud that adhere to industry best practices through detailed risk assessments.
Support the evaluation of security controls against the IaaS and PaaS offerings provided.
Support the creation and management of a new security risk management process to approve and authorize new capabilities and monitor the output of the process.
As part of targeted risk assessments, review network architecture and artifact configurations (Firewalls, Routers, Switches, IDS, IPS) and give practical recommendations.
Support first line IT units in coming up with baselines for implementation and in accordance with best practices these include baselines for secure coding, custom scripts and programs.
Support in other reviews that might be allocated from time to time.
Present findings with clarity to management and get buy-in for implementation of controls.
Have the capability to mine forensic data for investigative and forensic if called upon.
Deliver with minimal supervision.
Avid researcher of best practices and happenings in the global cyber space.
Engage key stakeholders on actions required.
Team player and contributor.
Strong problem-solving, persuasive skills and an ability to grasp abstract concepts and complex technology situations to challenge the status quo and further develop and build on our IT Risk Management Framework.
Excellent communication skill, both verbal and written, with the ability to initiate and lead conversations with technology and business leaders and risk colleagues regarding anticipated and emerging issues.
Education Bachelor of Science (Computer Science), IT, Software Engineering. Certifications
CEH (certified ethical hacker) *MUST
CISSP (Certified Information Systems Security Professional) * Added advantage