Where are you located? South Africa
Who do you work for? Banking/Financial Sector
Your job title? Information Security Risk Analyst
How many years in information security? 9 years
What do you do in your job? Identity and access management, audit, access provisioning, access attestations. As part of the day to day things in my role as a information security risk analyst I wear a few hats.
In the space of access provisioning and attestations, I grant access to a wide variety of systems (risk based approached – ensuring least privileged access is applied). I ensure that all access that has been permitted is in line with the policy and that we have sufficient proof thereof when those systems and processes are audited. Access attestations gives us the opportunity to have the management team review if access is still appropriate for certain roles and users in there space.
Being a trusted advisor to business is something I enjoy doing, as businesses do not always understand what they approve, or before bringing a new system into the environment, how that system should be administered. I give recommendations and guidance from an information security perspective.
My role also includes documenting policies and procedures for us to ensure that we stay in line with the requirements. This is something I enjoy doing – sharing my knowledge and expertise with new members in our teams.
Information security being such a huge field of opportunity, I also learn a lot about Data Protection and how we can protect the proprietary information of the bank and also stay in line with law and regulations.
What do you like most about your job? Being a trusted advisor to business – and not limiting my knowledge to my space alone. Taking a risk-based approach when it comes to least privileged access provisioning. Identifying gaps for improvement.
Least? Daily repetition of tasks, lack of communication between siloed divisions
What did you do prior to this position? Information Security Analyst
What do you see as your next step? Studying and building experience towards becoming a B-ISO
Salary range for your position? R400K – R500K (ZAR) [in US dollars: $28-40K]
EDUCATION & GROWTH
Degree? University Certificate in Cyber Security
Certifications? ISO270001, A+, N+, ITIL, ISO20000, MCSE, MCSA, MCP
What do you do to stay up-to-date or grow in cyber? LinkedIn, Subscribing to industry trusted resource emails for updates: Silobreaker, KrebsonSecurity, SANS, NIST
Favorite cyber news source and/or podcast? LinkedIn – The Cybersecurity Hub, SiloBreaker
ANYTHING ELSE/OTHER COMMENTS
Would like to see a platform for current CISOs and B-ISOs that are willing to share their knowledge with the younger generation. Cyber Security and Information Security is not only book knowledge, there needs to be the skills transfer between the seasoned people to the newcomers in the industry.
View the original post here: https://www.linkedin.com/pulse/cyber-careers-12-information-security-risk-analyst-karen
If you are interested in contributing to this project you can contact Karen on LinkedIn or send an email to KarenTCyber@gmail.com.