Cyber security Risk Specialist

The role is responsible for identifying, assessing and managing an organization’s cybersecurity risks to protect its information and technology assets in line with organizational policies and procedures and related laws and regulations.

Key Responsibilities:

• Effectively communicate cybersecurity risks and posture to senior management.
• Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems.
• Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
• Develop specific cybersecurity countermeasures and risk mitigation strategies.
• Develop statements of preliminary or residual cybersecurity risks for system operation
• Ensure that decisions relating to cybersecurity are based on sound risk management principles.
• Perform risk analysis whenever an application or system undergoes a major change.
• Provide input to the risk management framework and related documentation.
• Ensure cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
• Carry out a cybersecurity risk assessment.
• Work with others to implement and maintain a cybersecurity risk management program.
• Identify and assign individuals to specific roles associated with the execution of the Risk Management Framework.
• Establish a risk management strategy for the organization that includes a determination of risk tolerance.
• Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis.
• Work with organizational officials to ensure continuous monitoring tool data provides situation awareness of risk levels.
• Use continuous monitoring tools to assess risk on an ongoing basis
• Develop methods to effectively monitor and measure risk, compliance and assurance efforts.
• Determine and document supply chain risks for critical system elements, where they exist.

Requirements:

• Minimum bachelor’s degree in Cybersecurity / Information Security / Computer Engineering / Systems Engineering / Telecommunication Engineering / Information Technology / Computer Science.
• Professional Certifications related to Cybersecurity Risk field is preferred such as: CRISC / Security+
• Minimum 3 years in Cybersecurity Risk Management.
• Planning and organizing.
• Risk analysis.
• Problem-solving.
• Attention to detail.