Cybersecurity Risk Manager

ARHS


Job Location:

Warsaw - Poland

Monthly Salary: Not Disclosed
Posted on: 5 days ago
Vacancies: 1 Vacancy

Job Summary

  • Develop an organisation's cybersecurity risk management strategy
  • Manage an inventory of the organisation's assets
  • Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems
  • Identify the threat landscape, including attackers' profiles and an estimation of attack potential
  • Assess cybersecurity risks and propose the most appropriate risk treatment options, including security controls and risk mitigation and avoidance, that best address the organisation's strategy
  • Monitor the effectiveness of cybersecurity controls and risk levels
  • Ensure that all cybersecurity risks remain at an acceptable level for the organisation's assets
  • Develop, maintain, report and communicate the complete risk management cycle

Qualifications:

  • Master's degree plus 9 years of experience.
  • Perform risk assessments and analysis to identify threats, categorise assets and rate system vulnerabilities so that effective controls can be implemented
  • Implement cybersecurity risk management frameworks, methodologies and guidelines, and ensure compliance with regulations and standards
  • Enable business asset owners, executives and other stakeholders to make risk-informed decisions to manage and mitigate risks
  • Enable employees to understand, embrace and follow the controls
  • Build a cybersecurity risk-aware environment
  • Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices
  • Knowledge of cyber threats, threat taxonomies and vulnerability repositories
  • Knowledge of risk sharing options and best practices
  • Knowledge of state-of-the-art technical and organisational controls that appropriately mitigate cybersecurity risks
  • Knowledge of monitoring, implementing and testing the effectiveness of the controls
  • Analyse and consolidate the organisation's quality and risk management practices
  • Communicate, present and report to relevant stakeholders
  • Propose and manage risk sharing options
  • Excellent knowledge of English, equal to C1 according to CEFR levels.
  • Experience in making Business Impact Assessments
  • Knowledge of risk assessment implementation in GRC ServiceNow
  • Experience in preparing personal data protection documentation and tools for graphical and programmatic threat modelling.
  • Experience in threat modelling for DevOps and in designing Zero Trust Architecture
  • Experience in securing the Software Development Lifecycle and designing controls for defending Directory Services

At least 4 certifications among:

  • CISSP (Certified Information Systems Security Professional) 
  • CISA (Certified Information Systems Auditor)
  • CISM (Certified Information Security Manager)
  • GSNA (GIAC Certified Systems and Network Auditor)
  • GCCC (GIAC Certified Critical Controls)
  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor
  • ISO 27005 Risk Manager
  • CAP ((ISC)2 Certified Authorization Professional)
  • CRISC (ISACA Certified in Risk and Information Systems Control)
  • CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional)
  • GIAC Certified ISO-27000 Specialist or equivalent certification recognized internationally

Remote Work:

No


Employment Type:

Full-time

About Company

ARHS is a fully independent group of companies specialized in managing complex IT projects and systems for large organisations, focusing on state-of-the-art software development, business intelligence and infrastructure services. We are composed of 17 entities across 9 countries that ...