Cybersecurity Assurance Specialist

Saudi Air Navigation Services

Jeddah

On-site

SAR 120,000 - 160,000

Full time

Today

Job summary

A leading air navigation service provider located in Jeddah seeks an experienced cybersecurity professional to validate security controls and ensure compliance with organizational policies. In this role, you will conduct thorough cybersecurity assessments, recommend improvements, and manage security control efficiency. The ideal candidate will have a minimum of 6 years of experience and a Bachelor’s degree in a relevant field, with additional certifications preferred. Join us to enhance our cybersecurity measures in compliance with industry standards.

Qualifications

  • A minimum of 6 years of experience in cybersecurity roles is required.
  • Proven experience conducting security reviews, audits, and assurance activities.
  • Strong communication skills to report security metrics effectively.

Responsibilities

  • Ensure effectiveness of cybersecurity measures by validating security controls.
  • Conduct day-to-day activities while ensuring compliance with policies.
  • Regularly assess and report on cybersecurity trends.

Skills

Risk assessment
Cybersecurity threats understanding
Authentication methods
Stakeholder management
Security compliance

Education

Bachelor’s degree in computer science

Tools

Firewalls
IPS/IDS
Email Security
DLP
Cloud Security

Job description

Description for Internal Candidates

Role Purpose

To ensure the effectiveness of cybersecurity measures by validating security controls, identifying gaps in security controls (including technology, processes, configurations, etc.), and developing mitigative strategies. This role focuses on ensuring various assessments are conducted regularly, aligning security capabilities with organizational policies, and driving continuous improvement in cybersecurity practices to protect the organization's assets within the set KPIs, agreed budgets and adopted policies and procedures.

Responsibilities for Internal Candidates

Key Accountability Areas

Key Activities

Security Controls Validation

  • Perform cybersecurity reviews to identify gaps in security controls and architecture and conduct comprehensive annual audits of all SANS IT/OT assets, security controls, and databases to ensure adherence to organizational standards.
  • Ensure protection and detection capabilities are aligned with the organization's cybersecurity defense strategy and are compliant with relevant regulations.
  • Maintain an inventory of all security controls, ensuring comprehensive tracking and updating of their capabilities, while adhering to SANS-approved templates and branding guidelines for documentation.
  • Develop a capabilities matrix for each security control, detailing their preventive, detective, and corrective features, and outline steps for securing sensitive information obtained during testing activities.

Cybersecurity Assurance

  • Assure vulnerability and penetration assessments are conducted regularly, utilizing detailed methodologies for whitebox, graybox, and blackbox testing, followed by appropriate remedial action verification.
  • Lead cybersecurity analysis of the technology environment to detect critical deficiencies and recommend solutions for improvement, responding to architecture design changes as necessary.
  • Research, recommend, and evaluate cybersecurity solutions that identify and protect against potential threats, while continuously assessing for emerging threats.
  • Contribute to the identification of opportunities for continuous improvement of systems and processes, considering leading practices, changes in the business environment which could lead to cost reduction, and productivity enhancement.
  • Conduct offensive and passive security controls reviews and simulations to measure the effectiveness of security controls, including assessing configurations, rules, coverage, and permissions to identify gaps.
  • Validate the health of security controls through periodic checks of infrastructure, system performance, and licenses, ensuring full utilization by performing code reviews to identify vulnerabilities.
  • Measure security controls' efficiency by mapping them to organizational risks and calculating Return on Investment (ROI), ensuring effective implementation of security control recommendations originating from risk assessments or incidents.

Auditing, Reporting, and Communication

  • Conduct day-to-day activities while ensuring compliance with policies and procedures.
  • Regularly assess and report on cybersecurity trends, including the effectiveness and efficacy of implemented security controls.
  • Establish appropriate communication channels with stakeholders to inform them of key security control performance metrics.
  • Gather role-based feedback from both business and technical owners regarding the usage and efficacy of security controls to enhance their performance.
  • Implement and automate security control management processes to track issues, assess gaps, and optimize control performance on an ongoing basis.
  • Manage the platform and ensure comprehensive asset coverage while conducting regular reviews of the scanning schedule.
  • Enhance and automate the vulnerability assessment process, including the development of reports and key performance indicators (KPIs).
  • Support cybersecurity defense audit, compliance, risk and regulatory requirements.
  • Support other cybersecurity defense functions (VM, TI, IR, TH and Assurance) in accordance with business need.

Qualifications for Internal Candidates

Knowledge and Experience

  • A minimum of 6 years of experience is required.
  • Preferred experience and knowledge:
  • Experience in risk assessment, mitigation, and management, including risk scoring and the development of comprehensive risk management plans aligned with organizational risk appetite.
  • Strong understanding of cybersecurity threats, vulnerabilities, and application security risks, with the ability to recommend and implement effective mitigative strategies.
  • Proven experience with authentication and access control methods, ensuring alignment of security practices with organizational policies and compliance requirements.
  • Familiarity with cybersecurity compliance, legal requirements, and aligning controls with industry frameworks such as NIST, ISO, or similar standards.
  • Significant experience conducting security reviews, audits, and assurance activities, including configuration reviews of security controls and systems.
  • In-depth knowledge of code reviews and strategies for addressing vulnerabilities in applications, promoting secure coding practices across development teams.
  • Strong skills in cybersecurity communication, reporting, and stakeholder management, ensuring clarity and transparency in reporting security metrics and trends.
  • Demonstrated experience in measuring the effectiveness, efficiency, and utilization of security controls, with the ability to map controls to organizational risks.
  • Ability to automate and optimize security control processes, gathering feedback from stakeholders to enhance performance and compliance.
  • Knowledge of industry best practices in service delivery, utilizing appropriate measurement metrics and techniques to assess service performance continuously.
  • Familiarity with the implementation and configuration of various security controls (e.g., Firewalls, IPS/IDS, Email Security, DLP, Cloud Security) to ensure robust security posture across the organization.

Education and Certifications

  • Bachelor’s degree in Computer Science, Engineering, Information Systems (or other relevant technical disciplines).
  • Preferred Certifications (minimum one is required):
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Defensible Security Architecture (GDSA)
  • GIAC Penetration Tester (GPEN)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Cloud Security Automation (GCSA)
  • Any relevant certifications focused on Security Controls Implementation and Assurance