- We are seeking a highly skilled, technical and experienced Short-Term Consultant specializing in Information Technology Cyber Risk and Security. As a consultant in this role, you will play a critical part in safeguarding our digital assets, ensuring compliance with relevant regulations, and enhancing the overall security of our organization. This is a short-term position with a specific focus on addressing immediate cybersecurity needs and providing recommendations for long-term security strategies.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field; advanced certifications (e.g., CISSP, CISM, CEH) preferred.
- Experience with Google Cloud Platform (or similar), database management and database security frameworks.
- Hands-on experience with data protection technologies and solutions, such as data encryption, DLP, and data masking.
- Proven track record of at least 5 years in a cybersecurity role, with specific experience in the fintech industry and familiarity with the regulatory environment in East Africa.
- In-depth knowledge of cybersecurity principles, frameworks, and best practices, including ISO 27001, NIST Cybersecurity Framework, and GDPR.
- Hands-on experience with cybersecurity tools and technologies, such as SIEM, DLP, IDS/IPS, and vulnerability management systems.
- Strong analytical skills and the ability to assess complex technical issues, identify root causes, and develop effective solutions.
- Excellent communication and interpersonal skills, with the ability to effectively engage with diverse stakeholders at all levels of the organization.
- Proactive mindset with a commitment to continuous learning and professional development in the field of cybersecurity.
How to Apply: Please send your CVs and cover letter to [email protected]. Kindly indicate the title of the job on the subject header of the email (REF 24/ QA and support engineer)
How to Apply: Please send your CVs and cover letter to [email protected]. Kindly indicate the title of the job on the subject header of the email (REF 24/Short-Term Consultant - Cyber Risk and Security ), you will be required to enclose your portfolio and undertake a technical security test.
- Conduct a comprehensive assessment of our current cyber risk mitigation framework, including identifying potential risks, vulnerabilities and threats specific to our operations, data, architecture design, APIs and systems.
- Perform penetration tests
- Collaborate with internal stakeholders to develop and implement effective cybersecurity policies, procedures, and protocols - ensuring it matches our business requirements and regulatory environment.
- Perform audit and vulnerability assessments of our IT infrastructure, data warehouse, systems, and applications to proactively identify and mitigate security risks.
- Provide expert guidance and recommendations on the selection, deployment, and configuration of cybersecurity technologies, such as firewalls, intrusion detection systems, and endpoint protection solutions.
- Deliver training and awareness programs to educate our employees on cybersecurity best practices and promote a culture of security consciousness throughout the organization.
- Advise senior management on cybersecurity-related matters, offering strategic insights and actionable recommendations to enhance our overall cyber resilience.
- Develop documentation of cybersecurity policies, procedures, incident response plans, and other relevant documentation, ensuring compliance with applicable regulatory requirements.
- Come up with a monitoring and evaluation matrix and process we will use for internal security audit as an ongoing concern
- Security Monitoring and threat intelligence - implement security monitoring tools and processes to detect and respond to suspicious activities and threats in real-time.
- Develop and implement data access controls and encryption mechanisms to safeguard sensitive information stored in databases and data warehouses.
- Monitor data usage and access patterns to detect and respond to unauthorized or suspicious activities that may indicate data breaches or security incidents.
- Provide expert guidance and recommendations on data protection technologies and solutions, such as data loss prevention (DLP), encryption, and tokenization.
- Develop and maintain documentation of data governance policies, procedures, and data flow diagrams, ensuring alignment with regulatory requirements and industry best practices.