Security Risk Officer

DLL Group


Job Location:

Eindhoven - Netherlands

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Description

Security Risk Officer

As a Security Risk Officer within the Global Information Security (GIS) team, you will focus on security risks across the organization. This will be done in collaboration with members of the GIS team, Information Security Officers (ISOs) in the domains (regions, corporate functions and enterprise platforms), as well as security and risk Subject Matter Experts (SMEs) within DLL. This role will support GIS in ensuring that (relevant) threat-based security risk management practices are incorporated into DLL.

Find out more here about how you can unleash your full potential at DLL.

Day to day:

  • The Security Risk Officer fulfills the following tasks.
  • Execute as well as participate in various types of threat-based enterprise level cyber security risk assessments (scoping, assessment, risk identification, evaluation, treatment and monitoring).
  • Drive enterprise level threat modeling exercises.
  • Drive delivery of security roadmap initiatives.
  • Monitor enterprise level cyber security risk posture.
  • Drive creation, socialization and progress monitoring of cyber security priorities.
  • Provide security advice during enterprise-level security incidents.
  • Keep oversight of and monitor security risk management practices and ensure execution of security risk management across the organization according to policies and procedures.
  • Continuously monitor trends across the organization and the threat landscape to anticipate and plan for future impact of information security risk to DLL.
  • Constructively engage with cyber security SMEs and ISOs.
  • Act as a subject matter expert (SME) on security risk management for the domains.
  • Establish reports and dashboards to measure and monitor information security risk practices of the organization.
  • Continuous improvement of security risk management practices in the organization. This includes contributing to the cyber security framework.
  • Stay updated on the latest security threats, trends and technologies.

All members enjoy

  • Two working days per year volunteering for a local charity.
  • Health and Wellness program including healthy food, free health checks, fun health & vitality activities.
  • Flexible hours with possibility to work from home.
  • Career development opportunities: online learning, member development programs.
  • Click this link for an overview of all the benefits in your region.

We lead the way in meeting the need for flexibility and transparency which our customers increasingly expect.

Essentials:

Education, Training & Previous Experience Requirements

  • Bachelor's or master's in information technology / computer science or related.
  • 5 years of experience working in security risk management and optionally security regulatory requirements.
  • Experience working in a global organization with central and de-central security function.
  • Certifications (at least one of): CISSP/CISM/CRISC/CISA/CGEIT/CGRC.
  • Excellent English verbal and written communication skills.

Technical and Business Experience Requirements

  • Experience producing high-quality risk artifacts (threat scenarios, risk assessments, risk statements, residual risk analysis, actionable mitigations aligned with organization goals).
  • Experience using external threat intelligence and MITRE ATT&CK to build threat scenarios, evaluate control effectiveness and drive risk decisions and remediation priorities.
  • Experience assessing risk across common enterprise environments such as cloud (SaaS, PaaS and IaaS), containers, on-prem and hybrid architecture.
  • Understanding common enterprise attack surfaces (identity compromises, internet-facing services, third-party/supply chain, data exposure and misconfigurations).
  • Knowledge on a wide range of enterprise security controls (IAM, PIM, endpoint, network, cloud security, vulnerability management, logging/SIEM, backup) and ability to evaluate design/operating effectiveness using evidence.
  • Experience with reporting and data analysis tools like PowerBI and MS Excel.
  • Experience with security frameworks and methodologies such as ISO/IEC 27005 / ISO 27001, NIST 800-30, NIST Cybersecurity Framework (CSF).
  • Ability to communicate threat-informed risk to both technical and non-technical stakeholders, translating adversary behavior into business impact and decision options.
  • Experience with using GRC tools (like OneTrust and/or Archer).
  • Experience with DevOps, AppSec, Agile, SAFe.

Knowledge and Skills Requirements

  • Strong communicator and storyteller (active listener, constructive feedback, assertive, adaptive, conflict resolution)
  • Demonstrates an ability to challenge and manage choices
  • Strong problem-solving and trouble-shooting skills
  • Aptitude for understanding internal organizational environments and their relationship to the external business environment and risks
  • Able to effectively analyze risk and review such analysis within the context of business problems
  • Strong ability to convey complex security risks in a manner that is easily understood and actionable
  • Ability to constructively challenge prevailing thoughts and processes
  • Able to consistently and effectively defend ideas and solutions
  • Adept at improving outcomes through proactive team coaching and development
  • Ability to measure and report on the effectiveness of the security risk management program
  • Ability to translate security objectives into security risk management policies and procedures
  • Ability to align security initiatives with the organization's overall business strategy

Choose wellbeing

DLL's wellbeing ambition is to educate, equip and empower members to build connections, manage their mental, emotional, physical and financial wellness, and maintain balance between work and the other priorities that make up their lives.

Our four wellbeing categories are as follows:

  • Connection: Build meaningful connections with other DLL members
  • Health: Manage mental, emotional and physical health
  • Finance: Provide learning opportunities to help members achieve personal financial health
  • Lifestyle: Maintain balance between work and life priorities

These are the things that matter to our members, and the wellbeing of our members matters to DLL.

Good to know:

  • Deadline for application: April 30th (Due to high volume of applications, this requisition may close prior to posted close date)
  • The selection process may involve an assessment
  • Applications via email will not be reviewed. Please apply online via our career website.
  • DLL's referral program applies
  • For more information please contact our Talent Acquisition Partner Omnia Hassan via

DLL appreciates the time you spend applying to our openings. We advise only those who qualify for an interview will be contacted. Hiring subject to successful completion of a background check.

DLL is an equal opportunity employer. We are committed to inclusive, barrier-free recruitment and selection processes and work environments. If contacted for an employment opportunity, please advise Human Resources if you require accommodation in accordance with our values and all applicable legislation.




Required Experience:

Unclear Seniority


About Company


DLL, a great place to build your career. DLL is a global asset finance company that partners with manufacturers, dealers, distributors, and end users to facilitate access to equipment and technology. Headquartered in Eindhoven, the Netherlands, we operate in over 25 countries, offering ...