Cybersecurity Governance & Risk Analyst (Jnr) at Koraplay

About the role

This is a high-impact, collaborative role responsible for driving outcomes within the Information Security team. You would be working with relevant stakeholders across the different teams within the organization to implement Information Security standards and ensure the organization maintains compliance with industry standards and regulatory requirements.

As a Cyber Security Governance & Risk Analyst at Kora, you will be responsible for protecting the organization’s information systems and data, by setting policies, monitoring compliance, and following defined procedures to identify, assess and manage risks from external and internal threats, all guided by the organization’s view of risk.

This position is responsible for overseeing the risk management process and contributing to the resolution of complex issues by working with risk owners, general business managers, or colleagues in other departments such as Engineering, to manage policies and risks in the context of the organization’s high-level objectives and values.

The ideal candidate has technical knowledge and expertise that will help define and implement robust security strategies, frameworks, and governance processes.

Reporting Relationships & Stakeholder Engagement:

• Report to the CISO and working as part of the busy Cybersecurity Governance unit and the Information Security Team
• Working collaboratively with other Cybersecurity Governance & Risk Analysts, our CISO (Chief Information Security Officer), Engineering, Product Management, Product Design, Marketing, HR, and Compliance to ensure compliance with industry standards and regulatory requirements are being carried out in a professional, timely manner.
• Strong working relationship with Managing Team / Directors / Team Leads around the business.

Requirements

• Collaborate with other members of the Information security team to perform risk assessment and recommend changes to procedures and systems to comply with global Information security standards
• Collaborate with other members of the Information security team to provide a review of the organization’s ability to protect its information assets and its preparedness against cyber threats
• Ensure required Information Security policies and procedures are reviewed and updated in line with the Management System Standards
• Carry out periodic internal reviews/audits to ensure that documented IT and cybersecurity procedures are followed.
• Ensure that the organization complies with legal and regulatory requirements
• Evaluate the security posture of third-party vendors and work with them to meet security requirements
• Monitor and enforce compliance with Information Security policies and procedures according to PCI DSS regulatory standards
• Work together with other members of the team to ensure the organization maintains the PCI DSS, ISO 27001 certification 
• Work together with cross-business units to manage policies and risks in the context of the organization’s objectives and values.
• Other duties as assigned by the CISO.

What you’ll need 

• Minimum of 1-2 years experience as a Cyber Security Governance & Risk Analyst.
• Minimum of a Bachelor’s degree certificate
• ISO/IEC 27001/27017/27032 Lead Implementer Certified is desirable
• Excellent verbal and written communication, especially in producing formal documents that are comprehensive and without ambiguities
• Ability to assess the likelihood (taking account of vulnerabilities and threats) and impact of cyber-attack techniques and deliberate or unintentional damaging actions by people within the organization
• Ability to present logical, objective reasons for all decisions made
• Ability to encourage and support colleagues, including those in other departments, to achieve shared objectives
• Ability to work effectively within organizational policies, procedures, and security & legal constraints
• Experience in applying risk management methodologies
• Ability to assess the compliance of procedures and practice with agreed standards
• Problem-solving and analytical skills.
• Self-motivated individual who is adaptive to change.
• Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!