Here is Number 12 as we continue our series, exploring a variety of Cyber Careers. The idea here is to give you a broad sampling of options. If you’re new to the cyber community it might help you decide which direction you’d like to go in your career. If you’re already working in security you might want to compare your path to another’s or decide you want to move towards a different path. The whole point of this project is to provide information for you to use the way it works best for you.

Name? Mandy

Where are you located? South Africa


Who do you work for? Banking/Financial Sector

Your job title? Information Security Risk Analyst

How many years in information security? 9 years

What do you do in your job? Identity and access management, audit, access provisioning, access attestations. As part of the day-to-day things in my role as an information security risk analyst I wear a few hats.

In the space of access provisioning and attestations, I grant access to a wide variety of systems (risk-based approach – ensuring least privileged access is applied). I ensure that all access that has been permitted is in line with the policy and that we have sufficient proof thereof when those systems and processes are audited. Access attestations give us the opportunity to have the management team review if access is still appropriate for certain roles and users in their space.

Being a trusted advisor to business is something I enjoy doing, as businesses do not always understand what they approve, or before bringing a new system into the environment, how that system should be administered. I give recommendations and guidance from an information security perspective.

My role also includes documenting policies and procedures for us to ensure that we stay in line with the requirements. This is something I enjoy doing – sharing my knowledge and expertise with new members in our teams.

Information security being such a huge field of opportunity, I also learn a lot about Data Protection and how we can protect the proprietary information of the bank and also stay in line with law and regulations.

What do you like most about your job? Being a trusted advisor to business – and not limiting my knowledge to my space alone. Taking a risk-based approach when it comes to least privileged access provisioning. Identifying gaps for improvement.

Least? Daily repetition of tasks, lack of communication between siloed divisions

What did you do prior to this position? Information Security Analyst

What do you see as your next step? Studying and building experience towards becoming a B-ISO

Salary range for your position? R400K – R500K (ZAR) [in US dollars: $28-40K]


Degree? University Certificate in Cyber Security

Certifications? ISO270001, A+, N+, ITIL, ISO20000, MCSE, MCSA, MCP

What do you do to stay up-to-date or grow in cyber? LinkedIn, Subscribing to industry trusted resource emails for updates: Silobreaker, KrebsonSecurity, SANS, NIST

Favorite cyber news source and/or podcast? LinkedIn – The Cybersecurity Hub, SiloBreaker


Would like to see a platform for current CISOs and B-ISOs that are willing to share their knowledge with the younger generation. Cyber Security and Information Security is not only book knowledge, there needs to be the skills transfer between the seasoned people to the newcomers in the industry.

If you are interested in contributing to this project you can contact Karen on LinkedIn or send an email to