Short-Term Consultant – Technical Cyber Risk and Security at Pezesha
Pezesha
- Kenya
- Contract
- Full-time
- Conduct a comprehensive assessment of our current cyber risk mitigation framework, including identifying potential risks, vulnerabilities and threats specific to our operations, data, architecture design, APIs and systems.
- Perform penetration tests
- Collaborate with internal stakeholders to develop and implement effective cybersecurity policies, procedures, and protocols – ensuring it matches our business requirements and regulatory environment.
- Perform audit and vulnerability assessments of our IT infrastructure, data warehouse, systems, and applications to proactively identify and mitigate security risks.
- Provide expert guidance and recommendations on the selection, deployment, and configuration of cybersecurity technologies, such as firewalls, intrusion detection systems, and endpoint protection solutions.
- Deliver training and awareness programs to educate our employees on cybersecurity best practices and promote a culture of security consciousness throughout the organization.
- Advise senior management on cybersecurity-related matters, offering strategic insights and actionable recommendations to enhance our overall cyber resilience.
- Develop documentation of cybersecurity policies, procedures, incident response plans, and other relevant documentation, ensuring compliance with applicable regulatory requirements.
- Come up with a monitoring and evaluation matrix and process we will use for internal security audit as an ongoing concern
- Security Monitoring and threat intelligence – implement security monitoring tools and processes to detect and respond to suspicious activities and threats in real-time.
- Develop and implement data access controls and encryption mechanisms to safeguard sensitive information stored in databases and data warehouses.
- Monitor data usage and access patterns to detect and respond to unauthorized or suspicious activities that may indicate data breaches or security incidents.
- Provide expert guidance and recommendations on data protection technologies and solutions, such as data loss prevention (DLP), encryption, and tokenization.
- Develop and maintain documentation of data governance policies, procedures, and data flow diagrams, ensuring alignment with regulatory requirements and industry best practices.
- Bachelor’s degree in Computer Science, Information Security, or a related field; advanced certifications (e.g., CISSP, CISM, CEH) preferred.
- Experience with Google Cloud Platform (or similar), database management and database security frameworks.
- Hands-on experience with data protection technologies and solutions, such as data encryption, DLP, and data masking.
- Proven track record of at least 5 years in a cybersecurity role, with specific experience in the fintech industry and familiarity with the regulatory environment in East Africa.
- In-depth knowledge of cybersecurity principles, frameworks, and best practices, including ISO 27001, NIST Cybersecurity Framework, and GDPR.
- Hands-on experience with cybersecurity tools and technologies, such as SIEM, DLP, IDS/IPS, and vulnerability management systems.
- Strong analytical skills and the ability to assess complex technical issues, identify root causes, and develop effective solutions.
- Excellent communication and interpersonal skills, with the ability to effectively engage with diverse stakeholders at all levels of the organization.
- Proactive mindset with a commitment to continuous learning and professional development in the field of cybersecurity.
Jobs in Kenya