Job Openings: Cybersecurity Consultant (Risk & Security Assessment)

About the job: Cybersecurity Consultant (Risk & Security Assessment)

Job Responsibilities:

  • Performs security and/or risk assessments and provides timely and practical recommendations to mitigate the identified risks
  • Performs security and/or risk assessments aligned with industry standards (ISO 27001/2, NIST, CIS, PCI DSS, SWIFT CSP, CSA CCM), regulatory requirements (BSP circulars and others), and best practices
  • Performs maturity assessments in cyber security and information technology
  • Participates in discovery workshops with other consultants and key stakeholders, both in IT and other business units
  • Participates in project presentations for the client project team and other key stakeholders
  • Facilitates security training and awareness


Qualifications:

  • Has more than 3 years of experience in Information Technology
  • At least 2-3 years of experience in security assessments (Cloud Security Assessment, Third Party Security Risk Assessments, ISMS/NIST Assessment, SOC 2 Type 2 Assessment, RCSA, Configuration Review, Architecture Review, Controls Review) (Mandatory)
  • Must have facilitated at least one (1) IT Risk Assessment project
  • Working experience in Data Privacy (PDPA, GDPR, DPA of 2012), and Security Awareness and Training
  • At least 1 year of experience in consulting/advisory engagements (preferred)
  • Strong knowledge of IT Audit/Assessments and/or Maturity Assessments
  • Strong knowledge of information security standards and guidelines such as ISO 27001/2, NIST, CIS, PCI DSS and SWIFT CSP
  • Understanding of local regulations (BSP circulars)
  • Understanding of Cloud Compute, Storage, Security and Virtualization best practices
  • Skilled in technical writing and infographic reporting
  • Strong time management skills which allow for multi-tasking while managing shifting priorities
  • Proven history of providing exemplary customer service to both internal and external stakeholders
  • Preferably has at least one of the following certifications:
    • ISC2 CISSP
    • ISMS LA/LI
    • ISACA CISA or CRISC
    • Relevant certifications for PCI DSS, SWIFT, HITRUST and other industry security standards/guidelines
