Digital and Cyber Specialist at iOCO

Skills and Experience

What you’ll do:

• Conduct advanced penetration tests to identify vulnerabilities in computer systems, and networks.
• Develop custom testing methodologies.
• Provide technical guidance and mentorship to junior cyber.
• Prepare detailed reports and present findings.
• Stay up-to-date with the latest security threats, techniques, and countermeasures.

Key objectives:

Business Development

• Build rapport with process owners and stakeholders.
• Practice effective communication skills.

Financial

• Manage time in line with the allocated budget and communicate any potential delays or overruns.
• Assist with the achievement of digitisation goals.

Process

• Conduct advanced penetration tests to identify vulnerabilities in computer systems, networks, and applications.
• Develop custom testing methodologies and tools.
• Provide technical guidance and mentorship to junior cyber resources.
• Prepare detailed reports and present findings to stakeholders.
• Stay up-to-date with the latest security threats, techniques, and countermeasures.
• Conduct technical IT reviews/audits in accordance with approved Internal Audit methodology.
• Manage client interaction for allocated areas of scope.
• Attend audit team kick-off and close-out meetings.
• Prepare process analysis documentation (low complexity processes).
• Compile business understanding documents and flow charts.
• Develop and utilise a sound understanding of business processes, risks and controls including relevant regulatory and accounting issues.
• Identification of process, information and control gaps and seek additional information if necessary.
• Ensure that audit work and associated information generated is accurate, valid and comprehensive prior to review and/or reporting.
• Documenting findings and discussion with client in terms of factual correctness – asks for support where necessary.
• Draft and discuss own findings for inclusion in audit reports.
• Take responsibility to clear and finalise all own reported findings/reporting points.
• Review own working papers for quality and completeness before sending to Audit Manager for review.
• Ensure all review queries are cleared within a reasonable timeframe (expectation 48 hours).
• Focus on problem solving/high risk areas during the audit.
• Communicate any delays or difficulties experienced for corrective action.
• Track audit process status for allocated areas of responsibility and effectively communicate any anticipated challenges, delays, etc.
• Communicates knowledge gained throughout the audit engagement and/or otherwise with the team members.
• Assist in developing continuous control monitoring, auditing and automation.
• Contribute to knowledge sharing and upskilling programmes.

Human Resources

• Attend scheduled training.
• Take responsibility for own career and performance management.
• Contribute to training ideas and/or potential training
• Contribute to the social committee and attend team/social activities.

Other

Your expertise:

• 4-6 years related IT security experience and a minimum of 4 years in penetration testing.
• Strong understanding of network protocols, cryptography, and application security.
• Proficiency in scripting languages (e.g., Python, Bash) and penetration testing tools (e.g., Metasploit, Burp Suite).
• Strong communication skills and ability to articulate technical information clearly.
• Expertise in information security auditing, including operating systems, networks, and firewalls.
• Basic business and financial understanding.
• Basic insurance knowledge (an advantage).
• Sound understanding of IT, data and privacy related legislation and regulation.
• Stakeholder engagement (client interviewing).
• Deep knowledge of the threat landscape and security trends.
• Excellent problem-solving skills and ability to think like an attacker.
• Strong communication skills and ability to articulate technical information clearly.
• Risk management (basic)
• Report writing and drafting findings
• Issue identification
• Audit Planning
• Documentation skills
• Time management
• Root cause analysis
• Programming and ability to interpret source code

Qualifications required:

• Bcom IT /BSc IT degree as a minimum, as well as one or more of the following:
• Certified Ethical Hacker (CEH).
• Offensive Security Certified Professional (OSCP).
• Certified Information Systems Auditor (CISA).
• Certified Information Security Manager (CISM).
• Other Recognised IT Security certifications.