Senior Associate - Cyber Security (Non-pentest)

What will your typical day look like?

Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next-generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organisation that provides an exceptional career experience with an inclusive and collaborative culture?

Responsibilities:

• Deliver cybersecurity and privacy assessments and advisory services such as cyber maturity assessments in accordance with NIST CSF and assessments of compliance with international standards such as ISO 27001, PCI-DSS, SWIFT, GDPR, etc . and local cybersecurity regulations such as Cybersecurity Law

• Deliver multiple risk assurance services, including IT security vendor selection, cyber security project management, vulnerability assessment, penetration testing, incident response, threat hunting, and SOC 1,2,3 (ISAE) assessment

• Identify cybersecurity risks and design controls tailored to the client’s environmentInterview key stakeholders and assess the effectiveness of cyber security design and operations

• Design and develop cyber security documents including policies, processes, procedures, and guidelines

• Consult and advise clients on cybersecurity strategies and roadmaps

• Perform security configuration reviews for networks and systems in accordance withgood practices/standards

• Engage in specific types of cyber security advisory and consulting projects related to DevSecOps , DLP, IAM, PAM, cloud security operations, etc.

• Supervise and review work actively, providing support to other team members

• Lead the team to challenge the status quo and exceed expectations

• Work actively in supporting and monitoring business development areas and in following up on proposal processing in accordance with client expectations

• Continuously research and follow up on the latest IT security and privacy challenges and technologies (mobile, digital trust, IoT, cloud, blockchain etc . )
  

You are someone with:

• 4+ years of proven experience in IT security operations, system security configuration review, IT security compliance assessment and/or cybersecurity audit

• Experience in applying IT and cybersecurity frameworks and standards (such as NIST, CIS, COBIT, ISO standards, etc.) in the cybersecurity assessment process

• Experience in identifying , assessing and reviewing local cybersecurity regulations such as Cybersecurity Law, Circular 09/2020 in Banking Industry, etc.

• Experience in cybersecurity risk assessment and design and/or operation of cybersecurity controls

• Experience in IT system development (SDLC) methodology and/or information security management systems (ISMS)

• Experience in operating and/or implementing IT security solutions including firewalls, IDS, IAM, PAM, WAF, DLP, etc.

• Experience in specific cyber security processes and technology such as incident response, DevSecOps , DLP, IAM, PAM, etc.

• Knowledge of enterprise information security architecture

• Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non - technical audiences

• Excellent written and verbal communication skills

• Self-motivation, excellent teamwork, commitment and confidence

• Preference will be given to candidates who hold one of the following industry certifications: OSCP, OSDA, SSCP, CySA +, CCSK, CEH, CHFI, ECIH, CCNP, CREST, SANS, GIAC or equivalent

• Preference will be given to candidates who hold relevant cloud certifications: AWS, Azure, GCP

• Strong preference will be given to candidates who hold one of the following professional certifications: CISSP, CCSP, CSSLP, CISM, CISA, CRISC, CIA, PMP, ISO 27001 LA or equivalent