Cyber Security Analyst GRC

Job Description

JOB TITLE:

Cyber Security Analyst - GRC

LOCATION:

Cape Town (Hybrid / Remote)

ABOUT CYBERLOGIC:

Cyberlogic is a trusted Managed Solutions Provider with offices in South Africa, Mauritius, and the UK. Serving a diverse range of clients, spanning numerous industries, including the international maritime sector, Cyberlogic specialises in IT leadership, cyber security, cloud solutions, and business intelligence. For almost three decades, Cyberlogic has been committed to enabling digital transformation through delivering unquestionable value.

Our delivery focus has enabled us to build up a national and international footprint of loyal clients that rely on us to provide transparent, open guidance to improve their processes, grow their businesses, and secure their data.

Cyberlogic is part of the Hyperclear Technology group, which boasts a diverse technology offering including robotic process automation (RPA), business process management (BPM) data analytics, and decisioning technology.

Through our non-profit, R4C (Ride for a Child), we partner with Bright Start Education Foundation, an organisation empowering deserving learners from underprivileged communities, providing holistic support and guidance throughout their educational careers.​

OUR VALUES:

• We challenge ourselves to be more AWESOME

• We are driven to KEEP learning and EVOLVING

• We look beyond symptoms to identify and RESOLVE ROOT CAUSES

• We hold each other accountable through CANDID and constructive FEEDBACK

• We respect and care for each other and know we will only SUCCEED if we work AS A TEAM

• We CARE deeply ABOUT the success of CYBERLOGIC

• We FINISH WHAT WE START

• We always GIVE OUR BEST even if it means putting in the hard yards

• We KEEP THINGS SIMPLE

PURPOSE OF POSITION:

As a Cyber Security Analyst - GRC, you will be responsible for conducting cyber security governance, risk management, and compliance projects for clients and internally. You will contribute to the development of policies, procedures and standards, assess and mitigate risks, and ensure clients adheres to relevant regulations and standards. You will play a key role in developing security metrics, conducting risk assessments, performing gap analyses, supporting and conducting audits and reviews, as well as engaging with clients on project-based work.

KEY RESPONSIBILITIES:

Governance:

• Develop and maintain cyber security policies, procedures, and standards aligned with operational needs and relevant regulatory or governance frameworks, while collaborating with clients to tailor and integrate these policies within their organisations.
• Conduct policy reviews, identifying areas for improvement and ensuring policies remain relevant and effective.
• Collaborate with stakeholders to finalise and gain approval for newly developed policies and procedures, ensuring alignment with business needs.
• Research and evaluate industry frameworks and regulations to identify those most applicable to the client, analysing regulatory requirements across categories (e.g., privacy, cybersecurity) to develop tailored compliance policies, procedures and frameworks.
• Assist in developing and enhancing the organisation’s cyber security related strategies and frameworks.
• Support the implementation of remediation measures.
• Present to clients.

Risk Management:

• Conduct thorough cyber security risk assessments, including third party assessments, across all IT systems, applications, and networks to identify threats and vulnerabilities.
• Identify and evaluate emerging security risks and create actionable remediation plans to address them.
• Develop and maintain a comprehensive risk register by keeping it updated with identified risks and corresponding control measures.
• Collaborate with stakeholders as needed by providing detailed information and evidence on identified risks to support remediation activities, and report to clients on critical security risks, recommending corrective or remediation actions.
• Support the development of risk management frameworks, mitigation strategies, and documentation.
• Present to clients.

Compliance:

• Assess compliance with industry standards and regulatory requirements such as PCI-DSS and POPIA to ensure adherence and identify any gaps.
• Evaluate the design and operating effectiveness of controls by conducting cyber security reviews and audits, analysing risks, reviewing evidence, and identifying gaps, strengths and weaknesses.
• Provide findings, areas of improvement and recommendations to close gaps, improve the organisation’s security posture and align to business objectives.
• Draft report on the findings and recommendations.
• Present assessment findings and documented recommendations to management through reports and/or formal presentations.
• Track external audit findings related to cyber security, and co-ordinate the timely resolution of any compliance gaps identified.
• Support and assist the Principal / Team Lead in specialised or complex audits.
• Propose enhancements to strengthen controls in alignment with best practices and regulatory requirements, while regularly reporting on the organisation’s security posture and compliance status to stakeholders.
• Assess control implementations by identifying gaps or weaknesses related to misconfigurations that could pose risks to the organisation’s security posture
• Maintain records of all compliance-related activities to ensure they are easily accessible for audits.

Security and Awareness Training:

• Develop and deliver security awareness training programs for employees to foster a culture of compliance.
• Track and report on employee participation in security training initiatives to gauge effectiveness.
• Research and suggest improvements to the security awareness strategy by analysing current training materials and identifying areas for enhancement.
• Conduct periodic phishing simulations to measure the effectiveness of the awareness program.
• Facilitate client discussions on security awareness findings to support clients in enhancing their security posture.

Ad hoc Projects and Internal Initiatives:

• Assist in the execution of project related activities. Act as a project team member, supporting planning and execution activities.
• Contribute and perform research on new technologies and perform technology evaluations.
• Participate in internal initiatives to enhance the team’s and Cyberlogic’s processes.

Continuous Learning:

• Stay up-to-date with industry trends and best practices to enhance technical expertise.
• Engage in hands-on learning by shadowing experienced Cyber Security Team members.
• Attend CyberLearning sessions on a weekly basis.
• Continuously upskill in the Cyber Security domain.
• Present on assigned topics regularly and collaborate with fellow interns.

KEY REQUIREMENTS:

Required:

• National Senior Certificate or equivalent.
• CompTIA S+. / CySA+
• At least 2-3 years working experience in information security governance, risk and compliance.
• CISA, CISM or CISSP preferable.

Desired:

• Bachelor’s Degree: In Computer Science, Information Technology, cyber security, or a related field Microsoft SC-100: Microsoft Cyber Security Architect
• Qualys

- Vulnerability Management Self-Paced Training

- Patch Management Self-Paced Training

- Web Application Scanning Self-Paced Training

- Cloud Agent Self-Paced Training

- Qualys API Fundamental Self-Paced Training

• Certifications such as ISO 27001 Lead Implementer or Auditor, CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional)
• Microsoft SC-400: Implement Information Protection in Microsoft 365
• Governance, Risk and Compliance Certification (CGRC)

CORE COMPETENCIES:

Technical Competencies & Skills:

• Intermediate understanding of Office 365 Platform.
• Intermediate understanding of network security principles
• Intermediate understanding of computer hardware components through training and guidance.
• Intermediate understanding of Microsoft Word.
• Intermediate understanding of Microsoft Excel.
• Intermediate knowledge of Vulnerability Tools such as Qualys or Nessus.
• Intermediate understanding of information security frameworks and benchmarks/ standards.
• Intermediate understanding of compliance and regulatory knowledge security frameworks and benchmarks.
• Intermediate skill in conducting internal and external audits related to information security.
• Intermediate skill in developing governance documentation.
• Intermediate understanding of cloud security controls and risk management for platforms like Azure, or Google Cloud.
• Intermediate knowledge of cloud governance and cloud-based security policies.
• Intermediate skill with data loss prevention (DLP), and identity and access management (IAM) technologies.
• Intermediate knowledge of data classification and privacy protection techniques.
• Intermediate auditing knowledge.
• Intermediate understanding of risk assessment and management methodologies.
• Intermediate skill in using GRC tools and platforms.
• Intermediate knowledge of security metrics.
• Basic understanding of project management principles and methodologies.

Beneficial:

• Structured
• Detail-Focused
• Rational
• Listening
• Collaboration
• Tenacious
• Self-Development
• Calm
• Striving
• Ethics

Should you work from home, it is your responsibility to ensure that you have uninterrupted internet connectivity and a ‘work-like’ environment at your home location to deliver your best in terms of performance and productivity.