Key Responsibilities:
Cloud Security:
- Perform cloud and system security control assessments under the supervision of senior team members.
- Assist in evaluating cloud governance frameworks, policies, and processes.
- Assess technical and business requirements for cloud risk and compliance considerations.
- Provide recommendations and alternative approaches for risk prevention, mitigation, and response.
Data Protection:
- Support assessments of clients' data protection practices against local regulations (e.g., PDPA) and international standards (e.g., GDPR, ISO 27701, ISO 27001, NIST Cybersecurity and Privacy frameworks).
- Conduct gap analyses and compliance assessments, contributing to detailed reports and actionable recommendations.
- Collaborate with multidisciplinary teams on risk management, governance frameworks, and regulatory compliance.
- Engage with data security, privacy management, and risk assessment tools and technologies.
Cyber Simulation:
- Assist in planning and executing cybersecurity exercises, including scenario development and reporting.
- Conduct discovery of clients' technology infrastructure, cyber resilience programs, incident response plans, and playbooks.
- Design exercise scenarios relevant to client environments and context.
- Engage operational, technical, and management teams in exercise preparations.
- Provide recommendations for improvement and contribute to exercise reports.
- Support business development activities such as proposals, bids, and client presentations.
Security Governance Standards & Strategy:
- Support the development of cybersecurity strategies for clients.
- Conduct gap assessments against cybersecurity standards and regulations (e.g., NIST, CSA CCoP, ISO 27001, CSA Cyber Trust Mark).
- Evaluate the design and effectiveness of IT controls related to cybersecurity.
- Identify risks, vulnerabilities, and areas for improvement in IT systems and processes.
- Assist clients with remediation activities, including policy development, process design, and training.
- Prepare clear and concise reports including findings and management recommendations.
Risk Assessment:
- Perform tasks such as threat modeling, cybersecurity risk identification, risk analysis, and risk evaluation.
- Conduct interviews and workshops with clients to gather information for assessments.
- Assess technical controls and processes within client systems.
- Translate technical risks into business impact and provide prioritized risk-based recommendations.
- Familiarity with threat models/frameworks such as STRIDE-LM, MITRE ATT&CK, and NIST Cybersecurity Framework is preferred.