Job Vacancy: Senior Manager (Cybersecurity) within Cybersecurity and ICT risk within the cybersecurity team.
About Cybersecurity and ICT risk:
The Cybersecurity and ICT risk function provides specialist services and support to Authorisation and Supervision teams at the Authority across all financial sectors as part of the overall supervisory framework.
It is responsible for the assessment of fit and proper Cybersecurity posture, ICT strategic alignment to Business strategy, ICT governance, and general ICT risk profile, exposures and controls of Licenced Holders and applicants seeking Authorisation based on established regulatory frameworks, technical standards and guidelines.
The function, therefore, provides the necessary technical risk assessments and guidance as part of the Authority’s holistic risk-based supervision model. It also supports the development of policy and supervisory work related to cybersecurity and ICT risk. Furthermore, the function provides technical support and coordination in terms of cybersecurity forensics, supervisory investigations or enforcement actions as required.
- Reporting to the Deputy Head (Cybersecurity and ICT risk), the team will leverage your expertise in the area of cybersecurity, for ongoing supervisory reviews and assessments based on established regulatory frameworks, technical standards and guidelines;
- You will carry out on-site and off-site reviews and conduct meetings with in-house and external auditors of Licence Holders as necessary, as well as managing analysts reporting to you and supervising their work;
- You will also review and follow-up on issues identified through external auditors’ management letters to Licence Holders or applicants under consideration for Authorisation. Your role may also involve active participation in investigations or enforcement actions in close collaboration with other supervisory teams;
- You will also actively support the ongoing development of policy and guidelines across all supervisory sectors and collaborate with other stakeholders on cross-sectorial security awareness and education campaigns.
Other important information:
- We are looking for candidates with a bachelor’s degree in computer information systems or information technology at MQF level 6 or higher, as well as five years’ work experience in cyber security. You will have professional certification such as CISSP or CISM. CISA or similar certification in lieu of CISSP or CISM will be taken into consideration provided depth of cybersecurity expertise and experience can be demonstrated;
- The selected candidate will have prior operational or management skills and competencies in areas such as application security, data leak prevention, forensic analysis, identity and access management, network and cloud security, penetration testing and vulnerability assessments.
The MFSA is an Equal Opportunities Employer as certified by the NCPE (National Commission for the Protection of Equality) and is committed to a policy of equal opportunity in all aspects of employment and will take care to avoid any form of discrimination in its recruitment procedures. The MFSA reserves the right to withdraw this call at any time and not to select any of the Candidates.
It is the responsibility of applicants in possession of qualifications awarded by Universities and other similar institutions outside Malta to produce a recognition statement on comparability of qualifications issued by the Malta Qualifications Recognition Information Centre (MQRIC). Applicants should do so preferably at the application stage or otherwise at the preliminary interview should an applicant be selected for such an interview. Details can be obtained by accessing the National Commission for Further and Higher Education website on www.ncfhe.org.mt under MQRIC heading.
The MFSA shall ensure that any processing of personal data is in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation), the Data Protection Act (Chapter 586 of the Laws of Malta) and any other relevant European Union and national law. For further details, you may refer to the Data Protection Policy on the MFSA.
Candidates are to note that the submission of any false statement/s or omission, even if unintended, may lead to the cancellation of their application and may render the candidate’s appointment liable to termination.
Furthermore, please note that candidates may be asked to submit any documentation in support of the information provided, including but not limited to, proof of qualifications and Police Conduct Certificates.
Malta Financial Services Authority:
The Malta Financial Services Authority (MFSA) is the single regulator for financial services in Malta. It was established by law on 23 July 2002 taking over supervisory functions previously carried out by the Central Bank of Malta, the Malta Stock Exchange and the Malta Financial Services Centre. The Authority is a fully autonomous public institution and reports to Parliament on an annual basis.