An industry certification e.g. ISO 27001 Lead practitioner, DEVSECOPS, CCSP CGEIT, CRISC, CISA, CISM and CISSP is strongly preferred.
Requirements:
DegreeRelevant tertiary qualification in Information technology and Minimum of 8 + years of experience in Cyber Security role where you meet business deliverables.
At least 8+ years experience in cyber governance, risk, controls, and compliance management in a technology environment
8+ years of experience in IT Audit and Assurance management in a Cyber or technology environment
Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard.
High level understanding and Knowledge of Cloud Risk, Compliance and Assurance
Proven experience managing and operating multiple security programs, projects, and initiatives and related security tooling
An ability to think strategically and drive change
A deep understanding of Tech Security risks and mitigating solutions
A diverse security background with knowledge in several areas including layered security architecture; internet protocols; firewalls; VPN technologies, IDS/IPS, network access control and network segmentation, anti-malware, and spam technologies; risk and vulnerability assessments, and compliance.
Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
Windows, UNIX, and Linux operating systems
Web Application Security & Encryption
Strong organizational skills and an entrepreneurial drive with a history of recruiting and developing high-performing teams
Ability to build and manage highly motivated and innovated technical/extended team
Ability to work under time and resource pressure
An ability and desire to communicate and work with a broad set of stakeholders
A customer-focused, responsive, and transparent attitude
Grasping of technical concepts rapidly and the ability to articulate these concepts to technical and non-technical audiences