NISG - Cyber Security Expert - Capacity Building & Audit Support

Cyber security expert for conducting capacity building and audit support

JD:

- An expert in cyber security who would assist the CISO of the state in designing, implementing and monitoring IT security across all state IT infrastructure.

- Ensure security documentation and lead through security compliance processes, accreditations, and/or authority to operate lifecycles.

- Design and evaluate security architectures / technology to meet data classifications' requirements, including privacy legislation and its impact on technical architecture.

- Develop, refresh and implement security policies, standards, guidelines, and procedures.

- Responsible for guiding the security teams in planning, implementing, and managing the overall system security strategy.

- Establishing, prioritizing, and approving the compliance, regulatory & interface requirements, high-level project planning, changes, improvements, and defect corrections.

Qualifications:

- Bachelor's/Master's degree in information technology, software engineering, computer science, or related field.

- 10 years of experience in implementation/consulting experience with Security, Compliance, and Risk Management including a mix of hands-on technical architecture work along with compliance and oversight with knowledge in implementation of information security principles, frameworks, policy enforcement, operating systems, web applications, and a high level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers.

- Understanding of ISO27001, certification/recertification, and preferably experience in implementation of policy according to legislation.

- 3 years of experience leading Cloud Security focused roles on delivering security in complex environments and defining security standards and cloud architectures for enterprise cloud systems and public cloud.

- Understanding of network security (incl. Network and Host IDS/IPS, WAF, SIEM, Antimalware, DLP, URL filtering, IDAM, SSO, and others)

- Experience with incident response, and understanding malware such as worms, viruses and trojans and countermeasures. Experience in designing architectures to meet security and compliance requirements for public sector entities.

- Experience building Security documentation packages and leading organizations through Security compliance processes, accreditations, and/or authority to operate life cycles.

Certifications:

- Certified information systems security professional (CISSP) preferred

- Certified Cloud Architect in AWS/Azure/GCP.