- Conduct technology audits, in addition to focused areas of cybersecurity such as digital forensics, threat intelligence or penetration testing, as well as more general IT process reviews within cybersecurity.
- Identifying areas for improvement and control gaps, and evaluating their significance and potential business impact.
- Presenting practical, informed and concise recommendations to senior leaders, developing action plans and preparing written audit reports to document findings.
- Collaborating with process owners and educating them on the importance of a strong system of internal controls.
- Provide security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks.
- Determine if any compensating controls are necessary due to inability to comply with the primary control requirements.
- Participate in all aspects of audit activities including risk assessments, planning, testing, control evaluation, work paper documentation, report drafting, issue clearance with cybersecurity and access management stakeholders, and follow-up/verification of issue closure.
- Performing vulnerability and/or penetration tests on clients’ environment.
- Complete a risk assessment evaluation and present it to Security management and business sponsors, articulating risk and impact analysis when security controls cannot be met by an initiative, to ensure transparency and an appropriate level of acceptance.
- Designing and executing risk-based audit programs, in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
- Solid understanding of enterprise cyber security with experience of designing, operating or managing security solutions and controls within a complex global network.
- Considerable knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, DLP, network access control, DDoS mitigation, anti-malware, anti-virus, encryption and authentication.
- A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber-attack simulation.
- Knowledge of industry standards/regulations (ISO, NIST, PCI-DSS, PSD2, GDPR, NIS). Experience of managing cyber, IT or Information Security controls.
- Experience with technology infrastructure risk and controls, including administration of Network, O/S (Windows or Linux/Unix), Cloud, Database, Mainframe, and/or Middleware security control reviews.
- Knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools and toolsets, e.g. Qualys, Kali, BackTrack, NetHunter, BloodHound etc.
- Certified Information Systems Security Professional (CISSP) required.
- Additional preferred certifications: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA).
- For immediate response: firstname.lastname@example.org (469.444.0022)