Security Specialist

Resource required: 2 resources

Duration: Now – December 2021

Scope/ Deliverable:

Assist internal audit in conducting Fieldwork and testing during audits for Cyber security and Network and technology Infrastructure

Assist with issue monitoring and closure verification

Assist with Cybersecurity Audit testing and reviews

Review and Testing of general infrastructure and technology controls supporting business processes

Continuous Monitoring of technology activities

Skillset Required:

Qualifications: We seek individuals with 5 to 10 years IT auditing experience, preferably in financial services.

Required Technical skills:

For Cyber Auditors:

• Understanding of audit objectives and concepts, e.g., risk and control assessment.

•Understanding of Cyber frameworks: NIST, CSC, FFIEC handbook and frameworks .

• Vulnerability assessment and Pen test tools such as Burpsuite, Nessus, Metasploit, Kali-Linux etc

For Infrastructure Auditor (2-3 of the following)

• Network Architecture (LAN, WAN, DMZ, OOB)

• Network Security (IPS, IDS, FW, DLP)

• Virtualization concepts (Citrix, VDI)

• Storage (SAN, NAS, Replication)

• Backup, Recovery, Fusion (HA, DR), Load Balancers (App+ Infra)

• OS (Win, Unix, Linux, z/OS, AS400)

• DBMS (DB2, MS-SQL, Sysbase)

Required Auditing Skills

• Excellent written and oral communication skills, in particular related to audit practices (interviewing, drafting and finalizing audit issues, and audit results presentation)

• Ability to identify IT risk, the possible impact to the organization and evaluating the mitigating controls

• Ability to design, and execute effective audit testing (Manual, Automatic, including use of 3rd party tools).

Technology skills/background and related professional certifications (CISA, CEH, CISM, CISSP etc.).