Browse
···
Log in / Register
Job Summary: Credicorp Capital is seeking a Senior Cybersecurity Audit Analyst to conduct robust technical audits and challenge the Group’s security posture, ensuring its technological resilience. Key Highlights: 1. Challenge the security posture of suppliers and internal platforms 2. Evaluate network architectures and identify vulnerabilities 3. Draft high-impact observations and propose recommendations **Credicorp Capital** invites you to Turn Challenges into Opportunities and become our next **Senior Cybersecurity Audit Analyst**, whose primary challenge will be to conduct robust technical audits on governance, risk management, and operational effectiveness of security controls at Credicorp Capital Regional. Your role will not only involve evaluation but also challenging the security posture of our critical suppliers and internal platforms, ensuring the Group’s technological resilience. **Your key responsibilities will include:** * Review internal or external regulations related to information security, cybersecurity, and IT security processes subject to audit, as well as applicable best practices. * Rigorously assess network architectures (segmentation, microsegmentation, routing protocols, and layered security) to identify design vulnerabilities in hybrid environments (On\-premise and Cloud). * Validate hardening of critical assets (servers, databases, firewalls, IPS/IDS) against international standards (CIS Benchmarks, NIST CSF 2\.0\). * Audit cloud architectures, focusing on identity management (IAM), storage bucket/security, and compliance with cloud security policies. * Design and execute audit procedures—including technical walkthrough tests—to validate that controls not only exist but are resilient against evasion attempts. * Draft high-impact observations linking technical weaknesses to business risks, proposing recommendations that elevate regional cybersecurity maturity. **If you meet the following profile, this opportunity is for you:** * Degree in Systems Engineering, Electronics Engineering, or related field. * Minimum 5 years of specific experience in information security, cybersecurity, or technical auditing. We seek someone who has previously worked on the "first line or second line" of technical operations (SOC, Networks, Cyber Defense, SI) before transitioning into auditing. **Essential Technical Expertise:** * Strong knowledge of networking (OSI model, TCP/IP, firewalls, VPNs, DNS/ARP name resolution protocols). * Proficiency in NIST CSF 2\.0 and management frameworks (ISO 27001, ISO 31000\). * Ability to audit Active Directory and virtualized environments. * Mandatory certifications: ISO 27001 Internal Auditor/Lead Auditor. * Desirable technical certifications (we value "Hands\-on" experience): + CCNA or equivalent networking knowledge. + Cybersecurity: CEH (Ethical Hacker), CompTIA Security\+, or CSFPC. + Business Continuity: ISO 22301 (Internal Auditor).
