Job Purpose

The IA Cybersecurity Expert is responsible for developing, implementing, and maintaining a robust cybersecurity framework for the Authority. The Cybersecurity Expert will establish and enforce cybersecurity policies, standards, and procedures, conduct regular risk assessments, and lead incident response efforts.

Key Responsibilities and Activities

• Assist in establishing and enforcing robust cybersecurity policies, standards, and procedures to protect the Authority's information assets.
• Assist in conducting regular risk assessments to identify potential cybersecurity threats and vulnerabilities across the Authority’s systems, networks, and operations.
• Support the Manager of IA Cybersecurity in maintaining an up-to-date cyber security encyclopaedia relevant to the IA for the reference of all IA staff.
• Collaborate with the Manager of IA Cybersecurity to evaluate the risk levels associated with various threat types, such as third-party risks, IoT vulnerabilities, and insider threats.
• Assist in developing and implementing risk mitigation strategies tailored to the specific threats identified.
• Support in developing and maintaining an incident response plan to effectively address and manage cybersecurity incidents.
• Support the Manager of IA Cybersecurity to ensure the continuous operation and effectiveness of security technologies, regularly reviewing and updating configurations to optimize protection against cybersecurity threats.
• Contribute to the delivery of cybersecurity awareness and training programs for employees
• Assist in monitoring and ensuring compliance with relevant cybersecurity standards, such as ISO/IEC 27017/27018, NCA standards, COBIT, and CIS Controls.
• Support in developing and regularly maintaining a cybersecurity business continuity plan

Qualifications and Requirements

Knowledge and Experience:

• 5 years or more of relevant experience in Cybersecurity.
• Experience in insurance management practices.
• Experience in system being used.
• Previous experience in government sector or regulatory bodies is preferred.

Education and Certifications:

• Bachelor's degree in Business Administration, Law, Finance or a related field.
• Relevant Cybersecurity certification (e.g., CISSP, CISM, CEH, CompTIP Security+, GIAC) is required.