Job Description - Cyber Quality and Prevention Specialist (250000AR)

The Cyber Quality & Prevention team serves as an independent function to perform deep dives and thematic reviews on TISO functions' compliance with policies, standards, guidelines, procedures, etc., to assess the existence and effectiveness of existing controls.
Roles and Responsibilities:
- Determine the theme and scope of review to be performed.
- Communicate the area of review and support the team in identifying existing risks and gaps.
- Engage external consultants to perform reviews where required.
- Validate the control design effectiveness of completed CDR capabilities.
- Identify the existence of compensating controls for identified risks.
- Perform deep-dive investigations into identified issues to identify the facts and determine the root cause.
- Present assessment results to management and relevant stakeholders, ensuring clear communication of risks and necessary actions.
- Recommend remediation and mitigation strategies based on identified risks, while providing technical expertise and guidance where required.
- Verify that remediation plans and security postures are implemented as stated.
- Monitor the implementation of audit recommendations and corrective actions.
- Support the creation of remediation plans and track progress of remediation.
- Ensure that all analyses from reviews form part of the feedback support loop to aid in future roadmap developments and maintenance of TISO procedures.
- Stay updated on industry trends, emerging threats, and new technologies.
Requirements:
- Experience: Minimum of 4-6 years of (preferably) hands-on experience in penetration testing for web applications, mobile applications, and APIs, with a proven track record in red teaming and script development.
- Educational Background: Bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related field, or equivalent practical experience.
- Information Security Knowledge: Strong understanding of all aspects of information security, including network security, application security, and threat modelling.
- Understanding of Cybersecurity Principles: Knowledge of security protocols, risk management, and compliance standards (e.g., NIST, ISO 27001).
- Regulatory Familiarity: Knowledge of MAS TRMG and other relevant regulatory and industry standards, such as ISO 27001, NIST, or OWASP guidelines.
- Communication Skills: Excellent verbal and written communication skills, with the ability to articulate technical concepts to both technical and non-technical stakeholders. Proven ability to work independently as well as collaboratively within a team.
- Certifications: Relevant certifications from recognized organizations such as GIAC, Offensive Security, or CREST are required. Additional certifications like CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) are a plus.
- Technical Proficiency: Preferably hands-on experience with penetration testing tools and frameworks, including Kali Linux, Burp Suite, Tenable, Metasploit, and secure code review tools.
- Scripting Skills: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation of testing processes and tool development.
- Vulnerability Assessment: Experience in conducting vulnerability assessments and security audits, with the ability to analyse and report findings effectively.
- Team Collaboration: Experience working in teams and collaborating with other IT staff and departments.
Singapore : Information Technology : Technology Information Security Office (TISO) : Permanent : Full-time : 04-Mar-2025, 4:54:51 AM