
You will work on various Security strategies, Risk and Compliance projects for our clients, or internal projects.
Fraud & Security Risk Assessment and Privacy & Risk Assessment
You will perform the following: solution architecture design review, application security assessment, infrastructure security assessment, cloud security assessment, container security assessment, vendor risk assessment, privacy impact assessment, threat modeling and risk assessment, identity and access management, firewall policy review, fraud risk assessment, security and fraud contract review, project management
Information Security Assessment
Interviewing with relevant stakeholders
Performing analysis on security data and pieces of evidence to assist the IT and security teams in ensuring adherence to established IT security policies, architecture, and compliance with standards and protocols
Presenting gaps identified during assessments through preparation of technology risk reports for the IT department and senior leadership
Aligning with service owners on the outcome of assessments to frame proper risks with impact, likelihood and rating for compliance assessments
Updating risks identified in the risk management tool to register issues
Serving as the primary point of contact for all facets of information security assessments
To qualify for the role, you must have
Fraud & Security Risk Assessment and Privacy & Risk Assessment
A bachelor's degree in IT, computer science, computer engineering, management, business administration, or any related field
At least one (1) year of relevant experience in security design, architecture or operations covering any of the following: application security, infrastructure security, solution design, security architecture, software engineering, identity and access management
Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development
Good understanding of cloud security and modern architecture (microservices, serverless and automated delivery)
Familiarity with threat models and frameworks such as STRIDE, MITRE ATT&CK, CVSS, OCTAVE, OWASP Top 10
Excellent written and verbal technical communication skills
Working knowledge of NIST / CIS / ISO 27001
Relevant professional certification such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer
Ability to juggle many tasks and projects in a fast-moving environment
Experience with IAM concepts & technologies such as authentication, authorization, federation, administration, governance
Experience in working in consulting roles, interacting with clients, third parties or security vendors
Good understanding of cryptography as applied in security such as SSL and key management
Good understanding of web services, distributed systems or mobile applications
Good understanding of secure software development lifecycle, DevSecOps, agile method
Good understanding of cloud security and modern architecture
Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)
Strong project management skills
Information Security Assessment
Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or any related field that deals with information security and conducting risk assessments.
Professional entry-level cybersecurity certifications such as Certified in Cybersecurity (CC) or CompTIA Security+
A broad understanding of information security functions in areas such as governance, risk, compliance, and security infrastructure.
Working knowledge of industry standards and frameworks such as ISO 27001/27002, NIST, and CIS.
Knowledge of different types of cyber threats, vulnerabilities, attack vectors, and countermeasures.
Strong analytical and problem-solving skills to identify security gaps and propose recommendations.
Ability to handle both technical assessments (reviewing penetration testing and vulnerability assessment reports) and non-technical assessments (policy review, procedure evaluation).
Experience in conducting risk assessments and auditing of information systems.
Knowledge about data privacy laws and regulations like GDPR, HIPAA, etc.
Excellent communication and report writing skills to share findings and recommendations with stakeholders.
What we offer
We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:
Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.
Bachelors/ Degree
SGV & Co. is currently the Philippines' largest multidisciplinary professional services firm with nine offices across the country. The Firm employs more than 5,000 professionals from various disciplines. We provide integrated solutions that draw on diverse and deep competencies in assurance, tax, strategy and transactions, and consulting services. We uphold the highest standards of quality. In fact, SGV & Co.’s Assurance service line has been ISO 9001-certified since 1996. In everything we do, we nurture leaders and enable businesses for a better Philippines. This Purpose is our aspirational reason for being that ignites positive change and inclusive growth.
Job ID: 104717993