Cyber Security Lead
About The Position
The position is supposed to discharge the responsibilities in all Cyber Security related areas globally. Following are major areas and their responsibilities:
- Conduct security audits and prepare to report.
- Have expertise in monitoring and compliance of different tools (OPM, ADAudit), processes (security control processes, controls (corrective and preventive), software (licensing and compline), network traffic (NetFlow, Wireshark), etc.
- Implement risk management frameworks (i.e. ISO-27001, NIST) which include conduct risk assessment, perform gap analysis and propose and implement risk mitigation plans.
- Conduct penetration testing using OWSAP, Burp Suit, NMAP, Nessus, and Kali Linux.
- Conduct vulnerability assessment.
- Implement email security controls e.g. SPF, DKIM, DMARC.
- Analyze cybersecurity laws issued by regulatory authorities and implement accordingly.
- Implement incident response framework (preferably NIST, MITRE) including forensic analysis, RCA, prepare the report and recommend action items/lesson learned.
RnD and Implementation:
- Conduct RnDs in different IT areas e.g. new and emerging technologies, security controls, new threats, areas of improvements, security controls, security frameworks, optimization of IT resources, monitoring tools.
- Implement ISMS i.e. ISO 27001 Security Controls at INTECH global offices.
- Write and implement policies in accordance with ISO 27001, NIST, regulatory and corporate laws.
- Get the DRPs implemented for all major and critical IT and security areas.
Training and Awareness:
- Conduct security awareness training to INTECH worldwide resources on regular basis.
- Enhance security awareness by sharing material with resources like flyers, posters, screen savers for new features/security controls.
- Conduct security surveys to get feedback and focus on week highlighted areas.
Documentation & Reporting:
- Keep INTECH IT and security documentation updated.
- Prepare regular and ad-hoc reporting e.g. Hardware health, internet traffic flows, antivirus, network equipment, and devices, and share with concern management on a defined frequency.
- Share DRP testing results on a regular frequency.
- Prepare security monitoring and compliance dashboard using Power BI.
- Hands-on working on Microsoft, Systems, Networks Technologies.
- Knowledge of cybercrime laws/requirements for each country.
- Ability to analyze and evaluate INTECH security policies, procedures and identify their strengths and weaknesses
- Hands-on knowledge of information security risk assessment process.
- Knowledge of conducting audits, preparing audit reports, presentation to management.
- Excellent documentation (writing policies etc) skills.
- Knowledge of network and applications attacks and prevention techniques.
- Knowledge of NIST, MITRE, ISO-27001, OWASP, CVSS, OSINT, GDPR, autopsy, Power BI
- Preferably candidate must have BCS/BS Computer Science degree from a reputable university.
- ISO 27001 Lead Implementer and Auditor Certifications (preferable).
- CISA / CISSP Certifications (must)
- CEH / Penetration Testing Certification (preferable)
- CCNP R&S / Security
- Minimum 3-4 years of work experience in the security field.
- Excellent written and verbal communication skills
- Lahore, Pakistan