Position Overview:
We are seeking a skilled and experienced Cybersecurity Risk Manager to join our team and contribute to the management of IT and cybersecurity risks across our organization. This role will be pivotal in ensuring the integrity, confidentiality, and availability of our information and technology systems by supporting the Infrastructure Risk and Control function within the broader Cyber Risk Management operations. You will play an active role in shaping and implementing risk management processes that align with our regulatory requirements and risk appetite.
Key Responsibilities:
- Risk Management & Compliance: Support the Infrastructure Risk and Control function by ensuring that technology, information, and cybersecurity risks are managed and controlled effectively across various business units, consistent with the firm's risk appetite and regulatory requirements.
- Gap Assessment & Risk Identification: Plan and conduct thorough gap assessments throughout the Secure Software Development Lifecycle (SSDLC) to identify and evaluate potential risks. Assess existing controls, identify mitigating strategies, and measure the residual risk.
- Policy & Standards Compliance: Work collaboratively with key stakeholders to drive adherence to cybersecurity, information, and technology policies and standards. This includes monitoring compliance and recommending adjustments when necessary.
- Risk Reporting & Control Effectiveness: Continuously monitor and assess the effectiveness of existing cybersecurity controls. Prepare and deliver regular risk and control reports to senior management, identifying key audit findings, risks, and areas for improvement.
- Training & Awareness Programs: Conduct cybersecurity awareness programs, including staff training on policies, standards, and best practices. Lead initiatives such as phishing simulation campaigns, awareness newsletters, and training sessions to increase security awareness throughout the organization.
- Coordination with Risk Functions: Liaise with other internal risk management functions to ensure a unified and cohesive approach to risk and audit management across the enterprise.
Qualifications and Experience:
- Education: A degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
- Experience: 5-8 years of professional experience in IT cybersecurity risk management, risk implementation, and governance. This includes practical experience in IT risk assessments, vendor risk assessments, audit processes, and managing operational risk issues.
- Industry Knowledge: Strong understanding of cybersecurity risk frameworks and standards such as NIST, COBIT, ITIL, and other relevant frameworks. Experience in applying these frameworks to real-world scenarios is essential.
- Risk Assessment & Remediation: Hands-on experience conducting IT risk assessments for in-house developed applications, commercial off-the-shelf products, and Cloud platforms. Ability to recommend and drive remediation efforts based on assessment findings.
- Communication & Collaboration: Strong written and verbal communication skills, with the ability to prepare detailed reports and presentations and to communicate complex cybersecurity issues to stakeholders at all levels.
- Problem-Solving Skills: Excellent analytical, problem-solving, and critical-thinking abilities, with the capacity to influence stakeholders and drive changes to improve risk management processes.
Preferred Qualifications:
- Certifications: Professional cybersecurity certifications such as CISSP, CISM, CRISC, CCSK, or CGEIT would be highly desirable.
- Additional Experience: Experience in conducting risk assessments on both traditional IT environments and modern Cloud-based systems will be considered an advantage.
Skills & Competencies:
- Cybersecurity Expertise: In-depth knowledge of cybersecurity best practices, risk assessment methodologies, and threat mitigation techniques.
- Governance & Compliance: Experience working within regulatory frameworks and compliance mandates.
- Training & Development: Ability to design and implement effective cybersecurity training programs.
- Attention to Detail: Meticulous attention to detail, particularly when identifying vulnerabilities and recommending improvements.
- Interpersonal Skills: Ability to work across teams and influence key stakeholders to prioritize cybersecurity risk management activities.