Sr Security Analyst
General Description
This role is responsible for governing and ensuring the effectiveness of security controls across all business streams from a technical governance perspective. The position acts as a strategic bridge between business, technology, and security functions to ensure that cyber risks, AI risks, information security risks, and fraud risks are proactively identified, assessed, and maintained within acceptable risk levels.
The role emphasizes security control assurance, risk-based decision making, and governance alignment, while also providing technical oversight and advisory in implementing security controls across systems, integrations, and digital platforms.
In addition, this role supports cyber defense initiatives by contributing to security monitoring strategy, forensic readiness, and investigation capability, ensuring that detection and response mechanisms are aligned with enterprise risk posture.
Key Responsibilities
1. Security Governance & Risk Oversight
- Conduct risk-based security assessments across business streams, internal systems (ERP, low-code platforms), and external integrations (API, system-to-system).
- Identify and evaluate cyber risks, AI-related risks (model risk, data leakage, bias, misuse), and fraud risks, including mapping to likelihood and impact.
- Ensure security controls are properly designed, implemented, and operating effectively in alignment with enterprise policies and risk appetite.
- Act as a technical advisor to business and product teams to embed security-by-design and risk-based control mechanisms.
2. Security Control Assurance & Architecture Alignment
- Review and validate implementation of system security controls, including:
  - Access control (RBAC / ABAC)
  - Audit trail & logging mechanisms
  - Data protection controls (DLP, encryption, masking)
  - API and integration security
- Ensure all systems have traceability, accountability, and monitoring capabilities to support governance and forensic requirements.
- Drive standardization of minimum security requirements across business streams and satellite systems.
3. Monitoring, Detection & Forensic Readiness
- Oversee development and optimization of security monitoring strategies (SIEM, alerting use cases, detection rules).
- Ensure log management and alerting mechanisms are aligned with risk priorities and minimize false positives.
- Develop and enhance forensic readiness capabilities, including:
  - Data trail design
  - Transaction monitoring
  - Investigation support framework
- Support investigation of cyber incidents and fraud cases from a data-driven and control validation perspective.
4. Reporting, Governance & Stakeholder Engagement
- Produce risk-based security assessment reports, including actionable remediation plans.
- Communicate findings effectively to stakeholders, including management, auditors, and technical teams.
- Ensure end-to-end remediation tracking and closure validation for identified vulnerabilities.
- Maintain up-to-date documentation related to security controls, risk assessments, and governance artifacts.
5. Continuous Improvement & Awareness
- Continuously evaluate and improve security control effectiveness based on emerging threats and risk trends.
- Collaborate with Information Security Governance to support security awareness and risk culture initiatives.
- Promote automation and efficiency in security governance processes (e.g., using low-code / workflow automation tools).
Required Qualifications
- Bachelor’s degree in Technology, Information Systems, Computer Science, or related fields.
- Minimum 3 years of experience in areas such as:
  - Cyber Security / Security Analyst / SOC
  - IT Risk / Information Security Governance
  - Fraud Risk / Anti-Fraud
  - System Analyst / Data Analyst
- Strong understanding of:
  - Cyber Risk Management & Information Security Principles
  - AI Risk (model risk, data risk, misuse scenarios)
  - System Security Controls & Secure Architecture
- Hands-on experience in SQL and data query technologies (mandatory).
- Familiarity with:
  - SIEM, DLP, API Security, Threat Intelligence tools
  - Security testing tools (e.g., Burp Suite, Kali Linux)
- Strong analytical, problem-solving, and risk assessment capabilities.
- Ability to translate technical risks into business impact.
- Good communication skills and ability to work across cross-functional teams.
Evermos is committed to providing an inclusive environment where equal opportunities are available to all applicants regardless of race, color, religion, gender, national origin, disability, age, genetic information, marital status, pregnancy, or related condition. We will not tolerate discrimination or harassment based on any of these characteristics.
We also emphasize the importance of diversity in all aspects of employment including recruitment, hiring, promotions, training, and organization operations.