The Cybersecurity Assurance Specialist role is responsible for conducting General IT Controls (GITC) assessments within production systems. This proactive role aims to audit production environments before compliance teams flag potential issues, ensuring vulnerabilities, gaps, and misconfigurations are identified and remediated. The primary focus is on auditing critical IT controls and configurations to maintain and enhance the organization’s security posture. The role ensures that issues that cannot be immediately addressed are properly documented in the Risk Control Self-Assessment (RCSA) for further remediation and mitigation.
Key Responsibilities
Proactive GITC Auditing and Vulnerability Identification (30%)
- Conduct regular audits of production systems to assess GITC and identify gaps in configurations, security controls, and vulnerabilities.
- Perform a thorough review of access controls, system configurations, data integrity, and compliance with internal policies and industry standards.
- Identify security risks and proactively recommend appropriate remediation actions to mitigate threats.
Risk Control Self-Assessment (RCSA) Documentation (30%)
- Work closely with Governance and Compliance teams to document key findings in the RCSA.
- Ensure gaps or issues that cannot be immediately resolved are properly recorded and tracked in the RCSA, with clear action plans for resolution.
- Continuously review and update the RCSA to reflect the current security and compliance posture of production systems.
Collaboration and Reporting (20%)
- Provide regular reports and recommendations to management and stakeholders on the status of audits, security risks, and remediation efforts.
- Collaborate with internal teams such as IT, security, and operations to ensure that gaps are effectively closed and issues are remediated in a timely manner.
- Support ongoing compliance initiatives by providing insights into security vulnerabilities and assisting with external audits.
Support and Continuous Improvement (20%)
- Assist in the preparation and execution of internal penetration tests and security assessments.
- Continuously assess and improve the current auditing and testing processes for efficiency and effectiveness.
- Provide recommendations on tools, processes, and methodologies to enhance the security posture of production systems.
Job Specifications and Qualifications
- Experience: Minimum of 4 years of experience in IT auditing, specifically in GITC, vulnerability assessments, and security controls within production systems.
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Certifications: Professional certifications such as CISA, CISSP, or CISM are preferred.
- Frameworks: Strong knowledge of security frameworks and regulatory standards (ISO 27001, NIST, SOC 2, GDPR).
- Technical Proficiency: Expertise in auditing production systems, access controls, the general audit lifecycle, and security testing tools.
- Soft Skills: Excellent analytical and problem-solving skills, strong attention to detail, and the ability to collaborate with cross-functional teams.
How to Apply
Interested and qualified candidates should apply online via the NCBA Group career portal by visiting the link provided in the application section.