Cyber Risk Specialist at Tezza Business Solutions Ltd

CYBER RISK SPECIALIST

Reports to the Head of IT an Cyber risk

Job Responsibilities

• Set-up internal second line of defense red team lab to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediations.
• Manage the external red team exercise ensuring that noted risks are remediated and tracked.
• Review and propose updates to cyber risk management and information security frameworks and policies on an annual basis at a minimum.
• Enforce implementation of the cyber risk management and information security framework ensuring that key gaps and risks noted are well discussed, actioned and escalated.
• Support is ensuring the architecting and creation of secure solutions for the cloud that adhere to industry best practices through detailed risk assessments.
• Support the evaluation of security controls against the IaaS and PaaS offerings provided.
• Support the creation and management of a new security risk management process to approve and authorize new capabilities and monitor the output of the process.
• As part of targeted risk assessments, review network architecture and artifact configurations (Firewalls, Routers, Switches, IDS, IPS) and give practical recommendations.
• Support first line IT units in coming up with baselines for implementation and in accordance with best practices these include baselines for secure coding, custom scripts and programs.
• Support in other reviews that might be allocated from time to time.
• Present findings with clarity to management and get buy-in for implementation of controls.
• Have the capability to mine forensic data for investigative and forensic if called upon.

Key attributes

• Deliver with minimal supervision.
• Avid researcher of best practices and happenings in the global cyber space.
• Engage key stakeholders on actions required.
• Team player and contributor.
• Strong problem-solving, persuasive skills and an ability to grasp abstract concepts and complex technology situations to challenge the status quo and further develop and build on our IT Risk Management Framework.
• Excellent communication skill, both verbal and written, with the ability to initiate and lead conversations with technology and business leaders and risk colleagues regarding anticipated and emerging issues.

Education

• Bachelor of Science (Computer Science), IT, Software Engineering.

Certifications

• CEH (certified ethical hacker) *MUST
• CISSP (Certified Information Systems Security Professional) * Added advantage
• OSWP (Offensive Security Wireless Professional) *Added advantage
• OSEE (Open System Engineering Environment) *Added advantage
• OSCP (BEST) (Offensive Security Certified Professional) *Added advantage

Key skills

• Must have demonstrated skills in penetration testing and ethical hacking having carried out:
• Password guessing and cracking attacks.
• Session hijacking and spoofing attacks.
• Network traffic sniffing attacks.
• Denial of Service attacks.
• Exploiting buffer overflow vulnerabilities.
• Good understanding of networks and networking elements.
• Good understanding of web pages and it's technology.
• Expertise in Linux machine recommended Kali and parrot.
• Familiar with various operating systems and databases

Experience

• 5 years + experience in penetration testing on expansive environments.