Cybersecurity Risk Specialist

About the job The Cybersecurity Risk specialist is responsible for assessing and managing cybersecurity risks across the organization. This role involves identifying potential threats, evaluating vulnerabilities, and implementing strategies to mitigate risks effectively. The ideal candidate will deeply understand cybersecurity principles, risk assessment methodologies, and industry best practices.

Major Accountabilities and Expected Accomplishments

• Conduct regular risk assessments to identify vulnerabilities and threats, evaluate risk levels, and recommend mitigation strategies.
• Conduct detailed risk analyses and assessments on IT systems, networks, and data to identify vulnerabilities, threats, and potential security issues.
• Develop and recommend risk mitigation strategies and solutions to manage identified risks effectively. Work closely with IT and security teams to implement these strategies.
• Ensure compliance with industry security standards such as ISO 27001, NIST, GDPR, HIPAA, etc.
• Produce risk reports and documentation for both technical and non-technical stakeholders. Maintain comprehensive records of risk assessments, mitigation strategies, and audit findings. Work closely with various departments to communicate risk-related concepts and discuss the necessary actions and precautions.
• Prepare for and manage internal and external audits related to cybersecurity risks.
• Collaborate with legal, IT, and business units to ensure cybersecurity risk is mitigated across all aspects of the organization. Prepare and present reports on risk assessment findings, and recommendations for improvement to senior management.

Competencies

• Strong understanding of cybersecurity frameworks (e.g., NCA, NIST, ISO 27001).
• Project management skills and experience, with abilities to manage multiple projects under tight deadlines.
• Experience with risk management software/tools (e.g., RSA Archer, MetricStream).
• Experience in conducting third-party risk assessments and vendor management.
• Professional certifications such as CRISC, CISA, CISSP, or equivalent.
• Proven experience in cybersecurity risk management, including risk assessment, analysis, and mitigation.

Qualifications and Experience

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Minimum 5 years of experience in cybersecurity, compliance, audit, or a related field.