Our client is seeking an experienced and highly skilled Senior Cyber Security Specialist to oversee their cyber security strategies and initiatives within the financial services, insurance, and lending sector. The ideal candidate should have a deep understanding of cyber security practices and trends and possess the leadership skills necessary to guide a team of professionals in implementing and maintaining an effective and comprehensive cyber security programme. The principal lead/specialist must be able to influence and broker conversation with executive level stakeholders to address cyber risk in a financial services entity.
Duties and Responsibilities:
- Taking a proactive approach to ongoing evaluation of cyber security policies to ensure adherence
- Supporting and assisting with the development and management of the 3-to-5-year Cyber Security Strategy
- Achieving and maintaining target Cyber Security Maturity levels
- Building relevant Business Cases for key initiatives and existing planned cyber programmes
- Supporting the design, development, and implementation of a Security Programme
- Ensuring a Cyber Security Incident Response Practice is in place
- Promoting awareness of security policies, training, and the governance strategy for sound security governance across the entity
- Actively managing risks on the Cyber Risk Register from intake to resolution
- Communicating risk assessment findings with key stakeholders to develop and monitor risk remediation plans
- Conducting regular compliance assessments with the Business to ensure current and emerging risks are monitored and managed
- Providing proactive control design and implementation guidance to the Business
- Monitoring and reporting on Process and Control Compliance
- Providing management with recommended actions
- Tracking and monitoring the implementation of audit remediation actions
- Designing status reports as well as insight reporting as and when required by management
- Leading reporting development with the use of automation and reporting tools to generate Cyber Risk metrics, i.e. KPIs, KRIs
- Providing management with assurance covering controls across the Business environments that are adequately designed and operating effectively
- Supporting management during audits as well as implementing and tracking management audit actions to closure
- Providing management with status update reports as well as insight reporting
Minimum Requirements:
- Degree or relevant tertiary qualification in Information Technology
- A minimum of 8+ years of experience in a Cyber Security role
- At least 5+ years’ experience in cyber governance, risk, controls, and compliance management in a technology environment
- At least 3 to 5 years of experience in IT audit and assurance management in a cyber or technology environment
- Knowledge of common information technology management and compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST
- Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI) and Data Security Standards
- High level understanding and Knowledge of Cloud Risk, Compliance and Assurance
- Proven experience managing and operating multiple security programmes, projects, and initiatives and related security tooling
- An ability to think strategically and drive change
- A deep understanding of Tech Security risks and mitigating solutions
- A diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware and spam technologies; risk and vulnerability assessments, and compliance
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
- Windows, UNIX and Linux operating systems
- Web Application Security and Encryption
- Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams