Cyber Security IT Assurance Senior Analyst

Job Purpose

Perform and conduct IT assurance activities towards protecting the organization information assets and critical infrastructure. conduct technical IT cyber security assessments in addition to providing technical assurance capabilities that verify effectiveness of security controls and projects.

Principal Accountabilities

Operational

• Conduct IT cyber security analysis of the technology environment to identify gaps and recommend solutions for improvement.
• Conduct IT architecture assessments from technical security point of view
• conduct evaluation and assessment of available IT tools and countermeasures to remedy the detected vulnerabilities and recommend best solutions and practices.
• Conduct reviews and Validations of IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Preform cyber security review for systems development or acquisition projects related to IT environments
• Validate and verify IT systems security requirements definitions and analysis and established system security designs
• conduct periodic cyber security assessments of existing IT controls and the technology landscape within the Organization (vulnerability scanning, penetration testing and Red Teaming exercises).
• conduct configuration review of IT cyber security equipment.
• Assess and validate security configurations and access to security infrastructure tools, including firewalls, IPSs, Passive monitoring solutions and anti-malware/endpoint protection systems
• conduct secure security code review and dynamic security testing for applications related to IT environment.
• Conduct IT cyber threat modelling of services and applications that tie to the risk and data classification associated with the service or application

Stakeholder Management

• Build strong relationships and working collaboratively with internal/external stakeholders and customers to achieve objectives.

Education

• Degree: Bachelor’s degree in Computer Science, Engineering or Business field or equivalent, Diploma with additional relevant experience.
• MBA or Master’s degree in computer science, engineering, information security is preferable.
• Required professional certifications: Professional certificate such as CISSP, CISM, OSCP, CEH, CISA, GSEC.

Experience

• 6+ years of Information Technology experience.
• 3+ years of relevant working experience.
• Working experience in multiple industries (e.g. Oil & Gas, Energy, Utilities, Retail, Government…) is preferable.
• Working experience in cyber security assurance.
• Working experience in cyber security assessments.
• Working experience in cyber security architecture review.