The Cybersecurity and ICT risk function provides specialist services and support to Authorisation and Supervision teams at the Authority across all financial sectors as part of the overall supervisory framework.
It is responsible for assessing the fit and proper Cybersecurity posture, ICT strategic alignment to Business strategy, ICT governance, and general ICT risk profile, exposures and controls of Licence Holders and applicants seeking Authorisation, based on established regulatory frameworks, technical standards and guidelines.
The function therefore provides the necessary technical risk assessments and guidance as part of the Authority’s holistic risk-based supervision model. It also supports the development of policy and supervisory work related to cybersecurity and ICT risk. Furthermore, the function provides technical support and coordination in terms of cybersecurity forensics, supervisory investigations or enforcement actions as required.
You will report to the Deputy Head (Cybersecurity and ICT risk), and the team will leverage your expertise in cybersecurity for ongoing supervisory reviews and assessments based on established regulatory frameworks, technical standards and guidelines.
You will carry out on-site and off-site reviews and conduct meetings with in-house and external auditors of Licence Holders as necessary, as well as managing analysts reporting to you and supervising their work.
You will also review and follow up on issues identified through external auditors’ management letters to Licence Holders or applicants under consideration for Authorisation.
Your role may also involve active participation in investigations or enforcement actions in close collaboration with other supervisory teams.
You will also actively support the ongoing development of policy and guidelines across all supervisory sectors and collaborate with other stakeholders on cross-sectorial security awareness and education campaigns.
We are looking for candidates with a bachelor’s degree in computer information systems or information technology at MQF level 6 or higher, as well as five years’ work experience in cyber security. You will have professional certification such as CISSP or CISM. CISA or similar certification in lieu of CISSP or CISM will be taken into consideration provided depth of cyber security expertise and experience can be demonstrated.
The selected candidate will have prior operational or management skills and competencies in areas such as application security, data leak prevention, forensic analysis, identity and access management, network and cloud security, penetration testing and vulnerability assessments.
*Dear Candidate, kindly note that this role is not managed by Castille. MFSA, in this case, is responsible for managing the application process. In case of any difficulties, feel free to contact firstname.lastname@example.org, and we will direct your query to the relevant contact at MFSA.