We are looking for a Cyber Risk Manager (CRM) for a leading bank. The position is responsible for supporting the cyber security direction of the business and elevating the bank's cyber security posture. The CRM is expected to support the company’s cyber security strategy within new and existing information system capabilities. Consequently, the position requires an understanding of both legacy systems and new technologies and requirements.

The ideal candidate is technical and possesses at least three years of experience in cyber security, risk management, or compliance. The role supports the Head of Cyber Risk in overseeing the business information and cyber security requirements and obligations mandated by information security policies, standards and regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Enterprise Technology Governance and Risk Management Framework (ETGRM) and General Data Protection Regulation (GDPR). The CRM monitors progress and enforces resolution of outstanding cyber security risks that may lead to non-compliance or security threats to the business. As a key member of the Information Risk Management team, the CRM must focus on strong cyber risk management practices.

What you will do:

  • Identify cyber risks and develop cyber risk registers.
  • Conduct various cyber risk assessments in line with the information security standards i.e. NIST, ISO.
  • Coordinate with business partners to safeguard against undue cyber security risk. Escalate to SMEs, relevant managers and business unit leads when points of weakness are discovered.
  • Develop and maintain cyber risk management and reporting frameworks.
  • Support the Head of Cyber Risk to identify, assess, document, communicate, and monitor cyber security risks.
  • Develop and deliver comprehensive risk reports that provide detailed insights into the current state of its cyber risks.
  • Analyze findings, document, recommend, and report program gaps to Cyber Risk Managers.
  • Compile monthly qualitative and quantitative metrics that demonstrate the business group’s cyber security posture.
  • Attend and fully engage in cyber risk management meetings.
  • Perform other duties as assigned. 

What you will need to have:

  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
  • At least 3+ years’ experience in cybersecurity as a practitioner, with at least 1 to 3+ years’ exposure to various security frameworks.
  • Experience working as an internal/external auditor, risk manager, etc. in a reputable firm.
  • Strong business acumen and cyber security technology skills for well-rounded proficiency, as well as proven ability to align with cyber security practices.
  • Experience in one or more of the following: NIST, ISO 27001/2, or ITIL. Experience and understanding of various regulatory requirements and laws, including but not limited to PCI and GDPR.
  • Exceptional written and verbal communication skills and proven ability to translate cyber security risk to all levels of the business.
  • Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
  • Prior experience using GRC systems from vendors such as Archer, Rsam, ServiceNow.
  • Holds or is working toward one or more of the following accreditations: CISSP, CRISC, CGEIT or GRCP.

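Job Details

Total Positions:
1 Post
Job Shift:
Morning Shift
Job Type:
Job Location:
Gender:
No Preference
Minimum Education:
Bachelor's
Career Level:
Experienced Professional
Your phone appointment has been booked successfully; our experts will contact you shortly:
3 Years
Apply Before:
May 07, 2023
Posting Date:
Apr 07, 2023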
Diversity Inclusion:
We value the diversity of our employees. All qualified applicants will receive fair consideration without regard to gender or socio-economic background.

Work Environment

Supervisor’s gender:
Male
Percentage of female coworkers:
50-59%

The Researchers

· 1-10 employees - Karachi