The Technical Risk Assessment Specialist role involves conducting comprehensive risk assessments on the technical risks associated with a product or service of Core42 across its entire lifecycle, from development to decommissioning. The role requires competency in evaluating technical risks pertaining to IT Infrastructure, Data Centres, Applications, Cloud, and AI on systems and technical architecture, information security, and business continuity.
Responsibilities
- Overall Risk Assessment & Management
  - Baseline Technical Risk Assessment (TRA) criteria and checklists for Core42 Infrastructure, Data Centres, Applications, Cloud, and AI across Core42 products, services, and locations.
  - Map risk and control statements to industry, contractual, and partner standards to ensure compliance.
  - Execute TRAs based on identified plans and document the risk assessment according to Core42 ERM standards, ensuring agreement with stakeholders.
  - Ensure follow-up of identified risks based on agreed handling plans, managing each risk in relation to its risk rating and the organization's risk appetite.
  - Report on the status of risk assessments to stakeholders and to GRC.
- Threat Assessments and Modelling
  - Collaborate with stakeholders to analyze threat intelligence, identify vulnerabilities, and develop appropriate mitigation strategies.
  - Monitor and analyze emerging threats and vulnerabilities related to information security, particularly those concerning cloud environments and AI technologies.
- Service and Operations Management
  - Collaborate with IT and operations teams to integrate risk management practices into service management processes (ITIL).
- Applications Security and Management
  - Conduct security assessments of applications, focusing on secure coding practices, OWASP vulnerabilities, and security testing techniques.
  - Support development teams in integrating security into the software development lifecycle (DevSecOps).
  - Advocate for and implement DevSecOps practices to integrate security into the CI/CD pipeline, ensuring security considerations are part of the development lifecycle.
- Compliance and Cloud Governance
  - Establish governance frameworks for cloud environments (AWS, Azure) to ensure compliance with security best practices (ISO and SOC 2) and regulatory requirements.
  - Recommend cloud security controls, including identity and access management (IAM), data encryption, and monitoring/logging solutions.
- Supply Chain Risk Management
  - Assess third-party vendors for compliance with security standards, conducting risk assessments that evaluate their security posture and data handling practices.
- Ethical Hacking and Offensive Security
  - Implement offensive security practices to identify and address vulnerabilities through ethical hacking assessments.
  - Collaborate with security teams to review penetration testing and vulnerability assessments.
  - Engage with red team activities to simulate real-world attacks and improve the organization's overall security posture.
- Business Continuity Considerations
  - Evaluate the business continuity implications of onboarding new applications and services, ensuring that recovery strategies are in place and aligned with organizational goals.
  - Conduct Business Impact Analyses (BIAs) to assess the potential impact of disruptions and ensure that critical business functions can be maintained.
- Collaboration and Awareness
  - Conduct training sessions and workshops to enhance understanding of technology risks, secure coding, application security, incident response, and vulnerability management.
  - Work closely with IT, security, compliance, and development teams to promote risk awareness and implement risk management practices in DevSecOps environments.
  - Prepare detailed risk assessment reports and executive presentations communicating findings and recommendations to both technical and non-technical stakeholders.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field; Master’s degree preferred.
- 4 to 8 years of experience in information security, operational risk management, or DevSecOps environments.
- Strong understanding of security frameworks and standards (e.g., NIST) and their application in risk assessments.
- Proficiency in security technologies, including firewalls, IDS/IPS, SIEM, and encryption.
- Proven experience in application security and implementing security by design principles in software development.
- Experience in conducting AI audits and risk assessments for machine learning models and algorithms.
- Familiarity with compliance frameworks (ISO 27001, SOC 2) and regulatory requirements.
- Understanding of DevSecOps principles and tools.
- Knowledge of application security principles and secure coding practices.
Skills
- Relevant security certifications such as CISSP, CISA, CEH, CCSP, CASE, or CDP are preferred.
- Expertise in security tools for vulnerability assessment, penetration testing, and incident response.
- Excellent communication and collaboration skills to work effectively with technical teams and executive leadership.
Work Conditions
- An open, diverse, and inclusive environment that encourages personal growth and focuses on innovative, industry-first projects.
- Hybrid work policy to balance office and home work.
- Competitive remuneration package with perks including healthcare, education support, and leave benefits.