Cyber Security Analyst responsible for governance, risk management, and compliance projects for clients and internally at Cyberlogic. Engaging with clients on project-based work while developing policies and standards.
Responsibilities
As a Cyber Security Analyst - GRC, you will be responsible for conducting cyber security governance, risk management, and compliance projects for clients and internally.
You will contribute to the development of policies, procedures and standards, assess and mitigate risks, and ensure clients adhere to relevant regulations and standards.
You will play a key role in developing security metrics, conducting risk assessments, performing gap analyses, supporting and conducting audits and reviews, as well as engaging with clients on project-based work.
Governance: Develop and maintain cyber security policies, procedures, and standards aligned with operational needs and relevant regulatory or governance frameworks, while collaborating with clients to tailor and integrate these policies within their organisations.
Conduct policy reviews, identifying areas for improvement and ensuring policies remain relevant and effective.
Collaborate with stakeholders to finalise and gain approval for newly developed policies and procedures, ensuring alignment with business needs.
Research and evaluate industry frameworks and regulations to identify those most applicable to the client, analysing regulatory requirements across categories (e.g., privacy, cybersecurity) to develop tailored compliance policies, procedures and frameworks.
Assist in developing and enhancing the organisation's cyber security related strategies and frameworks. Support the implementation of remediation measures. Present to clients.
Risk Management: Conduct thorough cyber security risk assessments, including third party assessments, across all IT systems, applications, and networks to identify threats and vulnerabilities. Identify and evaluate emerging security risks and create actionable remediation plans to address them. Develop and maintain a comprehensive risk register by keeping it updated with identified risks and corresponding control measures. Collaborate with stakeholders as needed by providing detailed information and evidence on identified risks to support remediation activities, and report to clients on critical security risks, recommending corrective or remediation actions.
Support the development of risk management frameworks, mitigation strategies, and documentation. Present to clients.
Compliance: Assess compliance with industry standards and regulatory requirements such as PCI-DSS and POPIA to ensure adherence and identify any gaps. Evaluate the design and operating effectiveness of controls by conducting cyber security reviews and audits, analysing risks, reviewing evidence, and identifying gaps, strengths and weaknesses. Provide findings, areas of improvement and recommendations to close gaps, improve the organisation’s security posture and align to business objectives. Draft a report on the findings and recommendations. Present assessment findings and documented recommendations to management through reports and/or formal presentations. Track external audit findings related to cyber security, and co-ordinate the timely resolution of any compliance gaps identified. Support and assist the Principal / Team Lead in specialised or complex audits. Propose enhancements to strengthen controls in alignment with best practices and regulatory requirements, while regularly reporting on the organisation’s security posture and compliance status to stakeholders. Assess control implementations by identifying gaps or weaknesses related to misconfigurations that could pose risks to the organisation’s security posture. Maintain records of all compliance-related activities to ensure they are easily accessible for audits.
Security and Awareness Training: Develop and deliver security awareness training programs for employees to foster a culture of compliance. Track and report on employee participation in security training initiatives to gauge effectiveness. Research and suggest improvements to the security awareness strategy by analysing current training materials and identifying areas for enhancement. Conduct periodic phishing simulations to measure the effectiveness of the awareness program. Facilitate client discussions on security awareness findings to support clients in enhancing their security posture.
Ad hoc Projects and Internal Initiatives: Assist in the execution of project related activities. Act as a project team member, supporting planning and execution activities. Contribute and perform research on new technologies and perform technology evaluations. Participate in internal initiatives to enhance the team's and Cyberlogic's processes.
Continuous Learning: Stay up-to-date with industry trends and best practices to enhance technical expertise. Engage in hands-on learning by shadowing experienced Cyber Security Team members. Attend CyberLearning sessions on a weekly basis. Continuously upskill in the Cyber Security domain. Present on assigned topics regularly and collaborate with fellow interns.
Requirements
National Senior Certificate or equivalent.
CompTIA S+ / CySA+
At least 2-3 years' working experience in information security governance, risk and compliance.
CISA, CISM or CISSP preferable.
Desired: Bachelor’s Degree in Computer Science, Information Technology, cyber security, or a related field
Microsoft SC-100: Microsoft Cyber Security Architect
Qualys - Vulnerability Management Self-Paced Training - Patch Management Self-Paced Training - Web Application Scanning Self-Paced Training - Cloud Agent Self-Paced Training - Qualys API Fundamental Self-Paced Training
Certifications such as ISO 27001 Lead Implementer or Auditor, CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional)
Microsoft SC-400: Implement Information Protection in Microsoft 365
Governance, Risk and Compliance Certification (CGRC)