The IT Security Assurance Specialist, provides assurance for confidentiality, integrity, and availability of CCBA’s information and information systems.
This employee leads the planning and scheduling of a variety of internal and external security assessments so that the organisation can proactively ensure that any potential risks are identified and addressed.
The regular, professional, and efficient co-ordination and management of these security assessments assures business leaders and users that their online environment and data is adequately protected.
The IT Security Assurance Specialist establishes relationships between second and third lines of defense that is management and independent assessors.
This employee also ensures that all IT continuity and disaster recovery plans, processes and approaches adhere to internal security standards.
Key Duties & Responsibilities
Consulting with senior IT leaders and IT security colleagues to determine the requirements for internal security assessments.
Creating an annual plan and schedule of planned internal security assessments.
Scheduling the internal security assessments for new and existing key IT systems, processes and technologies including applications, databases, data centres and infrastructure.
Developing and performing IT risk assessments on new and existing key IT systems, processes or technologies including applications, databases, data centres and infrastructure.
Collaborating with other members of the Governance team to identify providers of independent security assessments and to contract them to deliver the services.
Facilitating the scheduled annual audit process, including ensuring that assessments are completed in a timely manner.
Facilitating the IT management response process and action plans related to internal and or external audit findings and self-reported risks.
Ensuring that remedial actions from security assessments and audit assessments are acted upon in a timely manner.
Providing management with timely and accurate report about status and progress of the risk audit process and the remediation thereof.
Acting as the IT liaison with enterprise risk and compliance management functions with regards to business continuity management.
Defining and developing the CCBA IT disaster recovery plans and ensuring that these plans remain up to date.
Ensuring that business impact analysis is periodically performed for every running application in the environment and mapped to required continuity controls.
Sharing information on disaster recovery with all relevant stakeholders and ensuring that they are trained and prepared for any disaster.
Continuously researching and reading relevant material to understand changes in the broader cyber environment which may result in risk.
Contributing to the preparation, review, and implementation and updating of risk and compliance policies, controls, and guidelines.
Providing oversight and support on on-going red-team exercises carried out by the Security Operations colleagues for identification of the evolving threat-and-risk landscape.
Lead implementation of cyber risks technologies such as honeypots, to closely understand the threats targeting CCBA.
Planning milestones for deliverables and deployment and creating a plan that visualise the timeline.
Meeting regularly with senior level business stakeholders to identify, agree and understand dynamic changes to their business unit and functional strategies.
Meeting regularly with risk management and business continuity colleagues in the rest of the business to discuss and agree organisational integrated risk management and to ensure comprehensive and effective business continuity plans are in place.
Preparing and delivering updates and reports as required by executive management and the business.
Supporting team members and collaborating by clearly communicating expectations, progress, constraints, and resolutions.
Supporting internal improvement initiatives within the IT department to ensure continuous business improvement.
Skills, Experience & Education
Bachelors Degree in Computer Science, Information Systems or related
Post Graduate qualification in Computer Auditing advantageous
Certifications (at least one of the following):
CRISC (Certified in Risk and Information Systems Control)
CISA (Certified Information Systems Auditor)
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
Certified in Governance, Risk and Compliance (CGRC)
Certified in the Governance of Enterprise IT (CGEIT)
BCS IT Governance & InfoSec Basis Practitioner
ITIL V4 Managing Professional
Relevant vendor/equipment specific certification
10 to 12 years general work experience with at least 5 years relevant experience in governance, risk, and compliance.
The advert has minimum requirements listed.
Management reserves the right to use additional or relevant information as criteria for short-listing.