Global Cybersecurity Risk Manager

Gravity IT Resources

To Apply for this Job Click Here


Job overview
The cybersecurity risk manager is a subject matter expert (SME) who works as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies and methodologies. As a risk assessment SME, the individual reviews and recommends controls and best practices, and continually evaluates risk exposure against the risk tolerance defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership.
The cybersecurity risk manager reports continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business. Such reporting covers adherence to regulations and industry guidelines as well as corporate risk acceptance. The role focuses on third-party risk as well as risks within internal and business-controlled areas of security, technology and business processes, and partners with the audit, compliance and legal teams as needed. The ideal candidate is business-minded, with three to five years of experience in technology and security administration or security risk management, combining hands-on technical experience, a grounding in security principles and risk management, and some business acumen.
Responsibilities and duties
  • Serve on a distributed Cybersecurity team responsible for reviewing and documenting where security and technology controls are adequate or require improvement, as well as areas where risk is too high.
  • Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.
  • Create and present risk posture discovery and recommendation reports to the Global CISO quarterly.
  • Work closely with risk management and security leadership, teammates, and stakeholders to evaluate and recommend models aligning with organizational risk posture.
  • Work closely with risk owners to follow up on mitigation progress, document responsibilities, actions, and timelines.
  • Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks.
  • Document, formulate and enforce security improvements that balance risk with business operations, and do not diminish efficiencies or innovation.
  • Improve and document the security and technology exception process.
  • Attend change and project management meetings to understand and proactively strengthen controls to avoid unnecessary risk across lines of business.
  • Support company risk posture through development of controls and processes used in test, quality assurance and production environments from conception to completion.
  • Analyze workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls.
  • Review technical reports from vulnerability and penetration testing assessments and results from tabletop exercises.
  • Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings and security gaps.
  • Remain educated on regulatory requirements, internal policies and industry best practices.
  • Liaise with technical and business teams on business continuity and disaster recovery requirements.
  • Provide strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities.
  • Frequently interact with business units to understand their plans, risk posture and tolerance, as well as how to support their vision and business obligations with security and risk in mind.
  • Openly support the organization, the management team and executive leadership team, even during times of adversity.
  • Perform other duties as assigned.
  • Assist the larger Information Security Team with its day-to-day responsibilities.
Qualifications
  • Preferably three to five years’ experience, or more, in security systems administration, with two or more years’ risk management experience.
  • Proven ability to administer, or at minimum familiarity with, network and host configurations, application security, cloud services, third-party risk management and role-based access control.
  • Technical experience in configuring, implementing, and maintaining enterprise networks, hosts, applications, and directory services preferred.
  • Understanding of vulnerability and configuration management, and familiarity with a variety of technologies and applications.
  • Ideally, familiar with one or more regulatory requirements, laws and frameworks such as, but not limited to, GDPR, ISO/IEC 27001 and 27002 (including the withdrawn ISO/IEC 17799, which was renumbered as 27002), NIST CSF, CPRA and ITIL. General understanding of the Factor Analysis of Information Risk (FAIR) methodology.
  • Experience performing quantitative information risk assessments.
  • Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.
  • Strong written and oral communication skills across varying levels of the organization.
  • Understanding of service design, delivery concepts and control frameworks.
  • Organized, with the ability to prioritize and complete tasks within defined SLAs.
  • Excellent judgment and the ability to make quick decisions when working with complex situations.
  • High degree of integrity, trustworthiness, and confidence; represents the company and its management team with the highest level of professionalism.
  • Experience with Power BI, Power Apps and the wider Microsoft Power Platform.
  • Advanced proficiency with PowerPoint and Excel.
  • OneTrust or other GRC platform experience preferred.
Work Experience
Three to five years or more of cybersecurity, information technology or risk management practitioner experience.
Two or more years of exposure to risk management and governance work.
Additional information
One or more of the following certifications is preferred but not required: CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP.