Job Description
We are seeking a highly skilled professional to fill the role of Cybersecurity Risk Manager. In this position, you will play a key part in developing and implementing comprehensive security strategies, conducting thorough risk assessments, and ensuring compliance with industry standards.
Responsibilities
1. Develop and maintain information security policies and procedures aligned with business objectives and industry best practices.
2. Ensure compliance with IT Management System (ITMS) requirements.
3. Develop and maintain the information security risk framework to assess, monitor, and review information security risks for the organization.
4. Maintain risk treatment strategies and work with risk owners to manage their lifecycle.
5. Manage and implement an information security audit program, ensuring the management of non-conformities and improvement opportunities identified during audits.
6. Manage identified vulnerabilities, policy violations, or non-conformities discovered during audits.
7. Lead and manage the investigation and response to security incidents to ensure timely and effective containment, eradication, and recovery actions.
8. Document incident details, actions taken, and contribute to post-incident reports for continuous improvement.
9. Develop and implement security training and awareness programs for employees on best practices, policies, and security guidelines.
10. Collaborate with different groups to promote a security-conscious culture.
11. Implement and provide regular security reports to top management and other stakeholders, offering insights into the status of information security metrics.
Requirements
1. Background in Information Technology.
2. Experience in an Information Security role.
3. Background in Information Security Risks processes and in IT/Information Security Audit.
4. Ability to deliver security education and awareness training sessions and material.
5. Excellent written/verbal communications skills and organisational skills.
6. Knowledge of information security standards and regulations, such as ISO 27001, ISO 27002, ISO 27701, ISAE 3402, GDPR, DORA, and NIS2.
7. Cybersecurity knowledge.
8. Good level of English.