Cybersecurity Risk Manager

Job Description

• Develop an organisation’s cybersecurity risk management strategy
• Manage an inventory of organisation’s assets
• Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems
• Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential
• Assess cybersecurity risks, and propose most appropriate risk treatment options, including security controls, and risk mitigation and avoidance that best address organisation’s strategy
• Monitor effectiveness of cybersecurity controls and risk levels
• Ensure that all cybersecurity risks remain at an acceptable level for the organisation’s assets
• Develop, maintain, report and communicate complete risk management cycle

Qualifications

• Master's degree plus 9 years of experience.
• Perform risks assessments and analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls
• Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards
• Enable business assets owners, executives, and other stakeholders to make risk informed decisions to manage and mitigate risks
• Enable employees to understand, embrace and follow the controls
• Build a cybersecurity risk-aware environment
• Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices
• Knowledge of cyber threats, threats taxonomies and vulnerabilities repositories
• Knowledge of risk sharing options and best practices
• Knowledge of state of the art technical and organisational controls that appropriately mitigate cybersecurity risks
• Knowledge of monitoring, implementing and testing the effectiveness of the controls
• Analyse and consolidate organisation’s quality and risk management practices
• Communicate, present and report to relevant stakeholders
• Propose and manage risk sharing options
• Excellent knowlegde of English equal to C1 according to CERF levels.
• Experience in making Business Impact Assessments
• Knowledge on risk assessment implementation in GRC Service Now
• Experience in preparing personal data protection documentation and tools for graphical and programmatic threat modelling.
• Experience in threat modelling for DevOps and in designing Zero Trust Architecture
• Experience in Securing Software Development Lifecycle and designing controls for defending Directory Services

At least 4 certification among:

• CISSP (Certified Information Systems Security Professional) 
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• GSNA (GIAC Certified Systems and Network Auditor)
• GCCC (GIAC Certified Critical Controls)
• ISO 27001 Lead implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• CAP ((ISC)2 Certified Authorization Professional)
• CRISC (ISACA Certified in Risk and Information Systems Control)
• CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional)
• GIAC Certified ISO-27000 Specialist or equivalent certification recognized internationally