Description:
Nair Systems is currently looking for an Offensive Cyber Security Specialist for our Qatar operations under the following terms & conditions.
Required Skills:
Excellent oral and written communication skills (including report writing) in English and Arabic.
Good interpersonal and presentation skills.
Understanding of the relevant laws, regulations, and practices.
Ability to make decisions and follow through with initiatives.
Personal integrity and self-management.
Planning, organising, and analytical ability.
Results oriented.
Strong analytical skills and the ability to communicate both verbally and in writing with all levels of management.
Strong knowledge of penetration testing tools and techniques of application and infrastructure components.
Strong knowledge of DevOps/DevSecOps processes including cloud native architecture and relevant controls
Strong knowledge of operating systems (Windows, Linux, Android & iOS)
Strong knowledge of Kubernetes and container orchestration platforms
An understanding or experience with source code scanning and application development frameworks
Experience in designing and risk assessing multi-forest Active Directory domains
Programming experience (Python, Go, Rust, C#, etc.)
Ability to work under pressure
Strong client focus
Operating Environment/Location:
Education & Experience Requirements:
University graduate preferably with a Major in Marketing, Banking, Finance, Accounting, Economics, Business
Administration or Information Technology (related field of study), Masters preferred.
At least 4 years of experience in undertaking technical security assessments of complex IT solutions including
penetration testing, preferably within a highly rated international bank.
Experience in undertaking red team activities is beneficial
Professional certification such as CISSP, CISM, CISA is mandatory
Previous Banking or Big 4 Consultancy work experience is mandatory
Essential Duties & Responsibilities by Dimensions:
A. Shareholder & Financial:
Ability to adhere to divisional Key Performance Indicators (KPIs) for performance monitoring and quality
measurement purposes.
Implements KPIs and best practices for the SVP Offensive Cyber Security.
Promote cost consciousness and efficiency and enhance productivity, to minimise cost, avoid waste, and optimise
benefits for the bank.
Act within the limits of the powers delegated to the incumbent and delegate authority to the respective staff and
monitor exercise of the same.
Demonstrate clear understanding of the important factors behind the bank's financial & non-financial
performance.
B. Customer (Internal & External):
Ability to customise and use established methodologies, conduct technical reviews and penetration testing activities
of business applications and infrastructure projects e.g. technical risk assessments of internet facing applications,
workstation and server build platforms, databases, networking, and virtualisation technologies.
architecture design, compliance to IT security policies and relevant standards.
Ability to provide subject matter expertise for the enhancement of cyber security posture of the organization.
Ability to develop close relationships with IT and business teams. Understand and manage their requirements for
GIS risk services.
Ability to assist other teams in the Risk organisation with technical IT Security reviews and provide guidance as a
subject matter expert for cyber security.
Ability to provide ad hoc consultancy on the risks of new technologies and propose potential solutions.
Ability to identify opportunities and develop new ideas that will lead to improvements.
Ability to adapt/change behaviour or plans to better achieve the target/objective.
Ability to analyse a complex problem and identify potential solutions by exploring and analysing diverse alternatives,
including, where applicable, risks and potential business impact. Ability to make the right decisions based on the
necessary information and to take measures accordingly.
Ability to liaise with external consultants appointed from time to time to assess the adequacy and effectiveness of
the Group's information security efforts.
To assist customers with all their queries on the Bank's products and seek solutions to their requests.
Maintain activities in accordance with Service Level Agreements (SLAs) with internal departments/units to achieve
improvements in turn-around time.
Build and maintain strong/effective relationships with related departments/units to achieve the Group's objectives.
Provide timely/accurate data to external/internal Auditors, Compliance, Financial Control and Risk when required.
C. Internal (Processes, Products, Regulatory):
* Ability to set high targets/objectives for self and department. Prefers to take the initiative rather than to stay passive if
events happen. Committed to improving productivity. Unwilling to accept average performance. Tries to be above
the requested performance.
* Ability to identify own strengths and limitations. Seeks guidance and advice when appropriate to accomplish tasks
and perform the role in an effective and efficient way.
* Ability to play a constructive role as member of the team.
* Ability to assess the effectiveness of the various information security systems and network topologies and evaluate
* Ability to provide required support for enforcing the security policies of the organization.
* Ability to build and maintain strong and effective relationship with all other related departments and units to achieve
the Group's goals/objectives.
* Ability to keep Group Information Security Management apprised of the latest security trends and vulnerabilities.
D. Learning & Knowledge:
* Possess an understanding of business processes and controls in all related operational areas.
* Must have an expert understanding of information security issues, best practices, and a working knowledge of IT
systems.
* Proactively identify areas for professional development of self and undertake development activities.
* Seek out opportunities to remain current with all developments in professional field.
E. Legal, Regulatory, and Risk Framework Responsibilities:
* Comply with all applicable legal, regulatory and internal compliance requirements including, but not limited to,
Group Compliance Policies and Procedures (AML & CTF, Sanctions Policy, Data Protection Policy, Fraud Control
Policy, Whistle Blowing Policy, Conflict of Interest and Insider Dealing Policy).
* Understand and effectively perform your role under the Three Lines of Defence principle to identify, measure,
monitor, manage and report risks.
* Ensure systematic good outcomes for clients in accordance with Conduct Risk policy.
* Support the framework of RCSA, KRI, Incident reporting and remediation, as appropriate, in accordance with the
Operational Risk Management requirements.
* Maintain appropriate knowledge to ensure full qualification to undertake the role.
* Complete all mandatory training provided by the Bank, attain, and maintain the required levels of competence.
Joining time frame: 2 weeks (maximum 1 month)
Should you be interested in this opportunity, please send your latest resume in MS Word format at the earliest at nishanthini.suda[at]nairsystems.com