We are seeking a highly skilled, technical and experienced Short-Term Consultant specializing in Information Technology Cyber Risk and Security. As a consultant in this role, you will play a critical part in safeguarding our digital assets, ensuring compliance with relevant regulations, and enhancing the overall security of our organization. This is a short-term position with a specific focus on addressing immediate cybersecurity needs and providing recommendations for long-term security strategies.ResponsibilitiesConduct a comprehensive assessment of our current cyber risk mitigation framework, including identifying potential risks, vulnerabilities and threats specific to our operations, data, architecture design, APIs and systems.Perform penetration testsCollaborate with internal stakeholders to develop and implement effective cybersecurity policies, procedures, and protocols - ensuring it matches our business requirements and regulatory environment.Perform audit and vulnerability assessments of our IT infrastructure, data warehouse, systems, and applications to proactively identify and mitigate security risks.Provide expert guidance and recommendations on the selection, deployment, and configuration of cybersecurity technologies, such as firewalls, intrusion detection systems, and endpoint protection solutions.Deliver training and awareness programs to educate our employees on cybersecurity best practices and promote a culture of security consciousness throughout the organization.Advise senior management on cybersecurity-related matters, offering strategic insights and actionable recommendations to enhance our overall cyber resilience.Develop documentation of cybersecurity policies, procedures, incident response plans, and other relevant documentation, ensuring compliance with applicable regulatory requirements.Come up with a monitoring and evaluation matrix and process we will use for internal security audit as an ongoing concernSecurity Monitoring and threat intelligence - implement security monitoring tools and processes to detect and respond to suspicious activities and threats in real-time.Develop and implement data access controls and encryption mechanisms to safeguard sensitive information stored in databases and data warehouses.Monitor data usage and access patterns to detect and respond to unauthorized or suspicious activities that may indicate data breaches or security incidents.Provide expert guidance and recommendations on data protection technologies and solutions, such as data loss prevention (DLP), encryption, and tokenization.Develop and maintain documentation of data governance policies, procedures, and data flow diagrams, ensuring alignment with regulatory requirements and industry best practices.Qualifications:Bachelor's degree in Computer Science, Information Security, or a related field; advanced certifications (e.g., CISSP, CISM, CEH) preferred.Experience with Google Cloud Platform (or similar), database management and database security frameworks.Hands-on experience with data protection technologies and solutions, such as data encryption, DLP, and data masking.Proven track record of at least 5 years in a cybersecurity role, with specific experience in the fintech industry and familiarity with the regulatory environment in East Africa.In-depth knowledge of cybersecurity principles, frameworks, and best practices, including ISO 27001, NIST Cybersecurity Framework, and GDPR.Hands-on experience with cybersecurity tools and technologies, such as SIEM, DLP, IDS/IPS, and vulnerability management systems.Strong analytical skills and the ability to assess complex technical issues, identify root causes, and develop effective solutions.Excellent communication and interpersonal skills, with the ability to effectively engage with diverse stakeholders at all levels of the organization.Proactive mindset with a commitment to continuous learning and professional development in the field of cybersecurity.
