At Horangi, we’re passionate about building safer cyberspace and creating software that solves challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals, and building a security strategy that helps achieve their objectives. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships.
As a Cyber Security Consultant, you will work directly with Horangi’s customers to perform cyber security assessments. Members of the Cyber Security Consultant team in Cyber Operations are generally familiar with most aspects of cybersecurity but specialize in security architecture, cloud security, cyber risk management, network, and infrastructure security, application security, and security compliance.
We are looking for someone who:
- Passionate in the cybersecurity domains and strive to explore new technologies, skillset, frameworks and trends
- Being proactive and work independently with minimal supervision and like having autonomy a to make decisions.
- Being a team player, trust and challenge each other, possess good interpersonal communication skills and helping mind in a team-oriented environment
- Being able to communicate well, and willing to receive criticism and feedback
- Ability to adapt fast in a startup environment
- Being responsible and take pride in your work, willing to proactively conduct research as necessary to perform the assessment properly and improve the quality of deliverables
- Able to prioritise shifting workloads in a rapidly changing industry.
- Being user-centric and empathise with the client to solve their problems
- Willing to travel around within South-east Asia and enjoy being out of your comfort zone.
- Understanding and interest in recognized cybersecurity-related methodologies, best practice and industry standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
- Proper general knowledge of Cybersecurity Technologies, Networking Technologies Information Security/Assurance/Audit, Governance, Risk Management, Compliance, Strategic Planning, Project Management and Client Management and Cloud Technologies (e.g. AWS, GCP, Azure, AliCloud)
- Understanding of how business strategy, risk, regulation and technical constraints influence organisational responses to cyber security.
- Excellent Bahasa Indonesia and English communication skills – both oral (for interviews/meetings, presentations) and written (for designing and writing engaging reports which communicate assessment reports succinctly and clearly convey the message in a way which is appropriate for the audiences)
- Strong business skills including presentation and report writing skills, analytical and problem-solving capabilities, strong project management, facilitation and delivery skills.
Key responsibilities:
- Plan, manage and organise the delivery of cybersecurity services to clients
- Conduct various cybersecurity assessments such as: Strategy Assessments, Risk Assessments, Compliance Gap Analyses to comply with local and global standards, privacy rules and regulations such as PCI-DSS, ISO 27001, SOC2, MAS-TRM, RMIT, NIST 800-53, POJK/PBI/Menkominfo cybersecurity-related regulations
- Develop cybersecurity roadmap based on gap assessment result, best practices frameworks and client's business alignment
- Promoting information security awareness through awareness socialisation and training.
- Consult and advise with client's organizational personnel at tactical, operational, and strategic levels to achieve project goals on compliance toward a variety of regulatory compliance and industry standard frameworks
- Contribute to the development of the cybersecurity service framework within the firm.
- Draft, report and present to customer including leadership and executive management on on assessment findings, program statuses, and other security items as they impact business goals
- Participate in presales engagements to educate prospective clients and assist in creating value and developing the optimum set of services for clients
- Develop and deliver content on security domains of expertise to establish yourself, our team, and our brand as thought leaders in the community
- Participate in speaking engagements and industry events to establish yourself, our team, and our brand as thought leaders in the community
Experience and certification (Associate Consultant):
- Freshgrad to one (1) year of cybersecurity strategic or GRC (governance, risk, and compliance) and client-facing consulting experiences
- Understanding some risk & regulatory frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
- Understanding some cybersecurity technologies such as Data Loss Protection, Identity Management, Cryptography & Certificate Authority, NextGen Firewalls, IPS and IDS, and GRC technologies.
Experience and certification (Consultant):
- One (1) to three (3) years of cybersecurity strategic or GRC (governance, risk, and compliance) and client-facing consulting experiences
- Experience with some risk & regulatory frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
- Experience with some cybersecurity technologies such as Data Loss Protection, Identity Management, Cryptography & Certificate Authority, NextGen Firewalls, IPS and IDS, and GRC technologies.
- Experience in delivering cybersecurity services, preferably for multinational companies which can include: developing and implementing cybersecurity policies and procedures; promoting information security awareness; reporting to relevant stakeholders on a regular basis on security-related matters.
- Experience in working with different units/parties on security-related matters
Experience and certification (Senior Consultant):
- Three (3) years or more of cybersecurity strategic or GRC (governance, risk and compliance) and client-facing consulting experiences
- Experience in leading and managing small groups of people and cybersecurity projects
- At least one Cybersecurity-related certification, eg: ISO 27001 Lead Implementor / Lead Auditor, ISC2 CISSP, ISACA CISA, ISACA CISM, ISACA CGEIT, ISACA CRISC
- Experience in risk & regulatory frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
- Experience with the cybersecurity technologies such as Data Loss Protection, Identity Management, Cryptography & Certificate Authority, NextGen Firewalls, IPS and IDS, and GRC technologies.
- Experience in delivering cybersecurity services, preferably for multinational companies which can include: developing and implementing cybersecurity policies and procedures; promoting information security awareness; reporting to relevant stakeholders on a regular basis on security-related matters.
- Experience in working with different units/parties on security-related matters
Silakan referensi bahwa Anda menemukan lowongan kerja ini
di Fungsi.id, ini membantu kami mendapatkan lebih banyak
lowongan kerja berkualitas di sini, terima kasih!