View all jobs

Cyber Risk Specialist

Nairobi, Nairobi
Reports to the Head of IT an Cyber risk
Job Responsibilities
  • Set-up internal second line of defense red team lab to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediations.
  • Manage the external red team exercise ensuring that noted risks are remediated and tracked.
  • Review and propose updates to cyber risk management and information security frameworks and policies on an annual basis at a minimum.
  • Enforce implementation of the cyber risk management and information security framework ensuring that key gaps and risks noted are well discussed, actioned and escalated.
  • Support is ensuring the architecting and creation of secure solutions for the cloud that adhere to industry best practices through detailed risk assessments.
  • Support the evaluation of security controls against the IaaS and PaaS offerings provided.
  • Support the creation and management of a new security risk management process to approve and authorize new capabilities and monitor the output of the process.
  • As part of targeted risk assessments, review network architecture and artifact configurations (Firewalls, Routers, Switches, IDS, IPS) and give practical recommendations.
  • Support first line IT units in coming up with baselines for implementation and in accordance with best practices these include baselines for secure coding, custom scripts and programs.
  • Support in other reviews that might be allocated from time to time.
  • Present findings with clarity to management and get buy-in for implementation of controls.
  • Have the capability to mine forensic data for investigative and forensic if called upon.
 Key attributes
  • Deliver with minimal supervision.
  • Avid researcher of best practices and happenings in the global cyber space.
  • Engage key stakeholders on actions required.
  • Team player and contributor.
  • Strong problem-solving, persuasive skills and an ability to grasp abstract concepts and complex technology situations to challenge the status quo and further develop and build on our IT Risk Management Framework.
  • Excellent communication skill, both verbal and written, with the ability to initiate and lead conversations with technology and business leaders and risk colleagues regarding anticipated and emerging issues.
Bachelor of Science (Computer Science), IT, Software Engineering.
  • CEH (certified ethical hacker) *MUST
  • CISSP (Certified Information Systems Security Professional) * Added advantage
  • OSWP (Offensive Security Wireless Professional) *Added advantage
  • OSEE (Open System Engineering Environment) *Added advantage
  • OSCP (BEST) (Offensive Security Certified Professional) *Added advantage
Key skills
  • Must have demonstrated skills in penetration testing and ethical hacking having carried out:
    • Password guessing and cracking attacks.
    • Session hijacking and spoofing attacks.
    • Network traffic sniffing attacks.
    • Denial of Service attacks.
    • Exploiting buffer overflow vulnerabilities.
  • Good understanding of networks and networking elements.
  • Good understanding of web pages and it's technology.
  • Expertise in Linux machine recommended Kali and parrot.
  • Familiar with various operating systems and databases
5 years + experience in penetration testing on expansive environments.


Share This Job

Powered by