CyberOps Consultant - GRC (Governance Risk and Compliance)

Indonesia
CyOps – CyberOps
Full-time
Building a Safer Cyberspace:
At Horangi, we’re passionate about building safer cyberspace and creating software and services that solve challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals and building a security strategy that helps achieve their objectives. Horangi’s personnel have extensive engineering experience and a strong background in penetration testing, incident response and strategic consulting including both large multinational networks and small organisations with focused missions. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships.

Job Summary and key responsibilities:
Horangi CyberOps Consultant works directly with Horangi’s customers to perform cybersecurity assessments and conduct incident response investigations. Members of the CyberOps team are generally familiar with most aspects of cybersecurity but specialise in web application security, network penetration test, incident response. In addition, they work closely with the R&D and engineering team to build up our product capabilities. 

For GRC role, the key responsibilities are delivering cybersecurity services, preferably for multinational companies which may include:

    • Develop and implement cybersecurity, privacy and IT information security policies, procedures.
    • Conduct cybersecurity assessments to comply with local and global standards, privacy rules and regulations. 
    • Develop cybersecurity roadmap with a risk-based approachPromoting information security awareness through awareness socialisation and training.
    • Create and implement processes to identify security risks and threats associated with running their systems. 
    • Draft, report and present to both internal and customer-facing, to include leadership and executive management on all cybersecurity-related matters.
    • Plan, manage and organise the delivery of cybersecurity services to clientsContribute to the development of the cybersecurity service framework within the firm.

Attributes for success:

    • Passionate in the cybersecurity area and sky is your limit
    • Possess relentless self-motivation and passion to explore new technologies, learn new frameworks and cybersecurity trends
    • Able to work independently with minimal supervision.
    • Having autonomy and the authority to make decisions. We are a small team, so every individual will have a large impact.
    • Being a team player, trust and challenge each other
    • Being able to communicate well, and willing to receive criticism and feedbackAbility to adapt fast in a startup environment
    • Open to learning new skills, keeping up with the latest trend to be an all-rounder security consultant
    • Being proactive and strive to accomplish results
    • Being responsible and take pride in your work
    • Able to prioritise shifting workloads in a rapidly changing industry. 
    • Being user-centric and empathise with the client to solve their problems
    • Willing to proactively conduct research as necessary to perform the assessment properly and improve the quality of deliverables 
    • Possess good interpersonal communication skills and helping mind in a team-oriented environment
    • Willing to travel around within South-east Asia and enjoy being out of your comfort zone.

Required skillsets:

    • Proper general knowledge in cybersecurity areas such as vulnerability assessment, penetration testing, security incident management, etc.
    • Understanding and interest in recognized cybersecurity-related methodologies, best practice and industry standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
    • Understanding of cybersecurity technologies such as Data Loss Protection, Identity Management, Cryptography & Certificate Authority, NextGen Firewalls, IPS and IDS, GRC technologies, Advanced Persistent Threat (APT), cybercrime, hacktivism
    • Understanding of how business strategy, risk, regulation and technical constraints influence organisational responses to cyber security.
    • Excellent communication skills – both oral (for interviews/meetings, presentations) and written (for designing and writing engaging reports which communicate findings succinctly and clearly convey the message in a way which is appropriate for the audiences)
    • Strong business skills including presentation and report writing skills, analytical and problem-solving capabilities, strong project management, facilitation and delivery skills.

Experience and certification required:

    • 3 - 5 years of cybersecurity GRC (governance, risk and compliance) and client-facing consulting experience including:
    • Experience in risk & regulatory frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or PCI-DSS
    • Experience with the cybersecurity technologies such as Data Loss Protection, Identity Management, Cryptography & Certificate Authority, NextGen Firewalls, IPS and IDS, GRC technologies.
    • Experience on delivering cybersecurity services, preferably for multinational companies which can include:
    • Developing and implementing cybersecurity, privacy and IT information security policies, procedures; promoting information security awareness through awareness training, reporting to relevant stakeholders on a regular basis on all security-related incidents/matters.
    • Experience on working with different parties on security-related matters

    • Must have certifications: ISO 27001 Lead Implementor /  Lead Auditor, or ISACA CISA, or CompTIA Security+

    • Bonus: 
    • Cybersecurity certifications such as CISSP or CISM
    • Experience on technical cybersecurity projects such as performing vulnerability assessment, penetration testing, cyber forensics, etc.
    • Experience with basic to an intermediate working knowledge of Unix, Linux, Windows, network devices, firewalls, web and/or mobile application developments