Cybersecurity Governance & Risk Analyst at Fincra

About The Role

This is a high-impact, collaborative role responsible for driving outcomes within the Information Security team. You would be working with relevant stakeholders across the different teams within the organization to implement Information Security standards and ensure the organization maintains compliance with industry standards and regulatory requirements.

We are seeking a highly skilled and motivated Cyber Security Specialist to join our dynamic team. As a Cyber Security Specialist, you will be responsible for safeguarding the organization’s digital assets and ensuring the integrity, confidentiality, and availability of systems and data. You will play a critical role in identifying and mitigating security risks, developing security policies and procedures, and implementing security solutions to protect against cyber threats.

The ideal candidate has technical knowledge and expertise that will help define and implement robust security strategies, frameworks, and governance processes.

Reporting Relationships & Stakeholder Engagement:

• Report to the CISO and working as part of the busy Information Security Team
• Working collaboratively with the CISO (Chief Information Security Officer), Engineering, Product Management, Product Design, Marketing, HR, and Compliance to ensure compliance with industry standards and regulatory requirements are being carried out in a professional, timely manner.
• Strong working relationship with Managing Team / Directors / Team Leads around the business.

Requirements

What you’ll be doing

• Collaborate with other members of the Information security team to perform risk assessment and recommend changes to procedures and systems to comply with global Information security standards.
• Collaborate with other members of the Information security team to provide a review of the organization’s ability to protect its information assets and its preparedness against cyber threats.
• Monitor and enforce compliance with Information Security policies and procedures according to PCI DSS regulatory standards.
• Work together with other members of the team to ensure the organization maintains the PCI DSS, ISO 27001 and ISO 22301 certification.
• Conducting regular security assessments and periodic internal reviews/audits to ensure that documented IT and cybersecurity procedures are followed.
• Developing and implementing security policies, procedures, and best practices to ensure compliance with industry regulations and standards.
• Monitoring network traffic and security logs to detect and respond to security incidents in a timely manner.
• Managing security technologies such as firewalls, intrusion detection/prevention systems, antivirus software, and encryption tools.
• Providing guidance and support to IT teams, developers and other stakeholders on security-related matters.
• Keeping abreast of the latest cyber threats, trends, and technologies and recommending appropriate security measures to mitigate risks.
• Work together with cross-business units to manage policies and risks in the context of the organization’s objectives and values.
• Other duties as assigned by the CISO.

What you’ll need

• Minimum of 4+ years experience as a Cyber Security Governance & Risk Analyst.
• Minimum of a Bachelor’s degree certificate.
• In-depth knowledge of security principles, practices, and technologies.
• Excellent verbal and written communication, especially in producing formal documents that are comprehensive and without ambiguities.
• Strong analytical and problem-solving skills.
• Ability to assess the likelihood (taking account of vulnerabilities and threats) and impact of cyber-attack techniques and deliberate or unintentional damaging actions by people within the organization.
• Ability to encourage and support colleagues, including those in other departments, to achieve shared objectives.
• Ability to work effectively within organizational policies, procedures, and security & legal constraints.
• Experience in applying risk management methodologies.
• Ability to assess the compliance of procedures and practice with agreed standards
• Self-motivated individual who is adaptive to change.
• ISO/IEC 27001/27017/27032/22301 Lead Implementer Certified, CEH, Comptia Security+ is desirable.
• Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!