Cybersecurity Risk Advisor

Cybersecurity Risk Advisor

Summary

Location: Barcelona (Hybrid)

Day Rate: Negotiable

Duration: 6 Months

Availability: ASAP

About the Client

My client is the air transport industry's IT provider, delivering solutions for airlines, airports, aircraft, and governments. Their technology powers more seamless, safe, and sustainable air travel.

They are looking to hire an experienced Cybersecurity Risk Advisor to join on a contract/freelance basis for 6 months.

About the Role

Supporting the cyber security risk management Team Leader, the Cybersecurity Risk Advisor will contribute to IT risk management practice within the EISO team by maintaining and enhancing the cybersecurity supplier risk management operation.

As part of the second Lines of Defence (2LoD), the Cybersecurity Risk Advisor will support business front lines (1LoD) risks & controls self-assessment capability and provide objective review to business lines to develop acceptable risk treatment plans, monitor risk mitigation execution progress and reporting to steering committees.

Key Duties:

• Reviewing and improving the operational risk management framework to ensure that it is user friendly and adds the maximum value for the organization and its management

• Supporting the work of the governing body and senior managers in relation to operational risk (e.g. providing advice, guidance, expert opinion, etc.)

• Working with risk owners to ensure that operational risk templates and procedures are implemented correctly (e.g. providing training, coaching, etc.)

• Maintain and improve the third-party risk management framework through its lifecycle, which include the onboarding, ongoing monitoring and offboarding requirements.

• Document key findings, analysis, and recommendations in clear and concise reports for both technical and non-technical stakeholders.

• Navigate and work effectively across a complex, geographically dispersed organization.

What we are looking for

Knowledge & Skills

• 5+ years of information system/cybersecurity risk and control management experience, including risk identification, analysis. response and remediation.

• Relevant certification desired: CISA, CISM, CISSP, CIA, CIPP, or related.

• Practical experience of assessing risks associated with third-party suppliers and reviewing assurance documents relating to security and IT controls provided by third parties (e.g. ISO 27001, SOC2 certifications, etc.).

• Ability to influence and engage with risk owner and senior management.

• Ability to adapt quickly to changing priorities and demands.

• Demonstrate good learning attitude and attention to detail.

• Have good communication skills, team player and a continuous improvement mindset

• Ability to communicate in a clear, concise, and persuasive manner to all levels of audience.

• University degree in computer science, management information system, business administration or a related field of study required.

Desirable Skills

• Experience in IT contract review is considered an asset.

• Working knowledge and/or hands on experience with information security policy, procedures and standard development and improvement.

• Experience with GRC (Governance, Risk and Compliance) tools such as OneTrust, ServiceNow, and Archer are considered an asset.