Cyber Risk and Assurance Manager

Job Description

- Carry out Cyber Risk and Assurance initiatives independently while ensuring quality and timely delivery.

- Perform control testing using security frameworks to determine effectiveness of the control and provide recommendations.

- Review adequacy of evidence provided by Technology teams as part of control assurance activities.

- Define processes to collaborate with Security and Technology teams for remediation of identified system-level control gaps and work closely with them to ensure implementation cyber security safeguards to improve security posture across the organisation.

- Identify; evaluate and monitor technology risks as part of Cyber Risk and Assurance programmes.

- Review security exceptions raised by Technology teams to manage the risks associated.

- Drive reporting across different Cyber Risk and Assurance initiatives; including reporting to Security Leadership and Cyber/Technology governance committees.

- Identify; drive and implement opportunities for process improvement across various initiatives within the Cyber Risk and Assurance team.

- Build strong relationships with the stakeholders and lead internal meetings with Technology and Business Process teams.

Qualifications

- 7 to 10 years cyber security experience

- IT audit and/or IT risk management

- Experience of assessing security controls across a variety of technologies and products; recommending improvements where necessary

- Hands on Experience with different security frameworks and standards such as ISO 27001; NIST; CIS; PCI; (e.g. controls testing; gap assessments)

- Critical thinking with strong attention to detail and good organisational skills

- Strong written; verbal communication and presentation skills; working with all levels of seniority and disciplines within the organisation

- Able to build solid working relationships with internal and external stakeholders

- At least one professional qualification such as CISA; CISM; CRISC CISSP or equivalent