Cybersecurity Auditor (KSA National)

Designs, performs and manages cybersecurity audits to assess an organization s compliance with applicable requirements, policies, standards and controls. Prepares audit reports and communicates them to authorized parties.

Duties and Responsibilities:

• Maintain a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits. Perform system administration on specialized cybersecurity applications and systems.
• Perform risk analysis whenever an application or system undergoes a major change. Prepare cybersecurity assessment and audit reports that identify technical and procedural findings, and include recommended remediation strategies and solutions.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken. Effectively manage vulnerability remediation. Ensure an audit log of evidence of security measures is maintained. Review, conduct, or participate in audits of cyber programs and projects.
• Maintain knowledge of applicable cybersecurity defense policies, regulations and compliance documents as they pertain to cybersecurity defense auditing.
• Carry out an audit of application software/network/system security against documented cybersecurity policies and provide recommendations for remediation where gaps appear.
• Develop cybersecurity compliance processes and audits for services provided by third parties.
• Regularly review and ensure that cybersecurity policies and related documentation are aligned with the organization's stated business objectives and strategy.
• Ensure that security design and cybersecurity development activities are appropriately documented.
• Ensure that cybersecurity audits test all relevant aspects of the organization's infrastructure and policy compliance.
• Develop processes with any external auditors on information sharing in a secure manner.

Desired Candidate Profile

Skills

• Skill in applying core cybersecurity principles.
• Skill in determining the normal operational state for security systems and how that state is affected by change.
• Skill in effectively recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in conducting cybersecurity audits or reviews of technical systems.
• Skill in designing appropriate cybersecurity test plans.
• Skill in assessing security controls based on cybersecurity principles and tenets.
• Skill in using security event correlation tools effectively.
• Skill in using code analysis tools effectively.
• Skill in effectively performing root cause analysis for cybersecurity issues.
• Skill in effectively preparing and presenting briefings in a clear and concise manner.
• Skill in utilizing feedback to improve cybersecurity processes, products and services.
• Skill in determining the security control requirements of information systems and networks.
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance as necessary.
• Skill in applying appropriate cybersecurity controls.
• Skill in identifying test and evaluation infrastructure requirements.
• Skill in communicating with customers.
• Skill in managing test assets and resources to ensure effective completion of test events.
• Skill in preparing test and evaluation reports. Skill in reviewing logs to identify evidence of intrusions and other suspicious behavior.
• Skill in troubleshooting and diagnosing cybersecurity defense infrastructure anomalies and determining the root cause.
• Skill in using HR IT systems.
• Skill in conducting cybersecurity reviews of systems.
• Skill in understanding network systems management principles, models, methods and tools.

Needed Knowledge:

• Knowledge of network components, their operation and appropriate network security controls and methods.
• Knowledge and understanding of risk assessment, mitigation and management methods.
• Knowledge of relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy. Knowledge of the principles of cybersecurity and privacy
• Knowledge of cybersecurity related threats and vulnerabilities.
• Knowledge of the likely operational impact on an organization of cybersecurity breaches.
• Knowledge of cybersecurity authentication, authorization and access control methods.
• Knowledge of business practices within organizations.
• Knowledge of cybersecurity defense and vulnerability assessment tools and their capabilities.
• Knowledge of cybersecurity aspects of business continuity and disaster recovery planning and including testing.
• Knowledge of the organization's enterprise cybersecurity architecture.
• Knowledge of cybersecurity assessment and authorization processes.
• Knowledge of cybersecurity and privacy principles and organizational requirements.
• Knowledge of IT security principles and methods.
• Knowledge of all aspects of system lifecycle management.
• Knowledge of the national cybersecurity regulations and requirements relevant to the organization.
• Knowledge of the organization's core business processes and how cybersecurity affects them.
• Knowledge of organizational process improvement concepts and process maturity models.
• Knowledge of an organization's cybersecurity data classification requirement.
• Knowledge of the principal methods, procedures and techniques for gathering, producing, reporting and sharing cybersecurity information.
• Knowledge of the organization's evaluation and validation requirements in relation to cybersecurity risk management.
• Knowledge of the organization's local and wide area network connections and the risks they pose to its cybersecurity.
• Knowledge of best practices for reviewing and determining the suitability of technology solutions to meet cybersecurity requirements.
• Knowledge of all-source reporting and appropriate dissemination procedures.
• Knowledge of best practice auditing and logging procedures.
• Knowledge of formats and best practice for issuing cybersecurity compliance reports to external partners.
• Knowledge of the organization's formats for management and compliance reporting relating to cybersecurity risks, readiness and progress against plans.
• Knowledge of national and organizational document and information classification and marking standards, policies and procedures.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com