The Cybersecurity and ICT risk function provides specialist services and support to Authorisation and Supervision teams at the Authority across all financial sectors as part of the overall supervisory framework.
It is responsible for the assessment of fit and proper Cybersecurity posture, ICT strategic alignment to Business strategy, ICT governance, and general ICT risk profile, exposures and controls of Licenced Holders and applicants seeking Authorisation based on established regulatory frameworks, technical standards and guidelines.
The function therefore provides the necessary technical risk assessments and guidance as part of the Authority’s holistic risk-based supervision model. It also supports the development of policy and supervisory work related to cybersecurity and ICT risk. Furthermore, the function provides technical support and coordination in terms of cybersecurity forensics, supervisory investigations or enforcement actions as required.
Reporting to the Deputy Head (Cybersecurity and ICT risk), the team will leverage your expertise in the area of ICT governance, ICT strategic development, and general ICT risk profile management, for ongoing supervisory reviews and assessments based on established regulatory frameworks, technical standards and guidelines.
You will carry out on-site and off-site reviews and conduct meetings with in-house and external auditors of Licence Holders as necessary, as well as managing analysts reporting to you and supervising their work.
You will also review and follow-up on issues identified through external auditors’ management letters to Licence Holders or applicants under consideration for Authorisation.
Your role may also involve active participation in investigations or enforcement actions in close collaboration with other supervisory teams.
You will also actively support the ongoing development of policy and guidelines across all supervisory sectors and collaborate with other stakeholders on cross-sectorial security awareness and education campaigns.
We are looking for candidates with a bachelor’s degree in computer information systems or information technology at MQF level 6 or higher, as well as five years’ work experience in IT risk management or audit. You will have professional certification such as CISA or CRISC.
You will have professional experience in the use of IT audit frameworks such as COBIT and ISO, while ideally having had direct prior experience in IT operations, management of Information Systems and/or software development. The ideal candidate would also have a good grasp of IaaS, SaaS and PaaS Cloud Service Models.
*Dear Candidate, kindly note that this role is not managed by Castille. MFSA, in this case, is responsible to manage the application process. In case of any difficulties, feel free to contact email@example.com, and we will direct your query to the relevant contact at MFSA.