About the role:
The role reports to the Cyber Risk Manager and has a clear focus on providing cyber risk advisory to enable secure and cyber resilient business operation and innovation. Stakeholders include project delivery teams, security and technology experts, system owners, business leadership and the group risk function.
- Conduct cyber threat and risk assessments for new and existing technology systems and projects.
- Support the threat and risk-based prioritisation of security control gaps identified through various security assurance activities.
- Review and facilitate exemptions based on risk and business justification.
- Recommend the implementation of additional cyber security controls and risk mitigation actions based on risk assessments.
- Communicate risk assessment outcomes to both technical and non-technical audiences, including information technology & business unit leaders and project stakeholders.
- Develop, maintain and enhance the cyber threat and risk assessment tools and templates for use by delivery teams.
- Mentor teams on the usage of the security risk assessment tools and templates.
- Contribute to the development and implementation of the cyber risk management framework, strategy, standard and the wider Information Security Office Strategy.
- Experience in delivering Threat and Risk Assessments (TRA) and Security Risk Management Plans (SRMP).
- 5+ years of cyber security experience in an advisory or risk role.
- Experience with frameworks such as NIST SP 800-37, ISO 31000 and OCTAVE.
- Certifications such as CRISC, CISA or CISM are desirable.
- Experience undertaking cyber security risk reviews of cloud (XaaS) products, mobile applications and other emerging technologies.
- Practical understanding of threat modelling and methods such as DREAD and STRIDE.
For more information please contact Ben Neal on 0380807217 and quote the job title or #205430.
Looking forward to hearing from you!