Cyber Security Risk Specialist

The Cyber Security Risk Specialist is responsible for identifying, assessing, and managing an organization’s cybersecurity risks to protect its information and technology assets in accordance with organizational policies and procedures, as well as related laws and regulations.

Key Responsibilities:

• Effectively communicate cybersecurity risks and posture to senior management.
• Develop security risk profiles of computer systems by assessing threats and vulnerabilities.
• Create risk mitigation strategies to manage risk in accordance with organizational risk appetite.
• Develop specific cybersecurity countermeasures and risk mitigation strategies.
• Produce preliminary or residual cybersecurity risk statements for system operation.
• Ensure cybersecurity decisions are based on sound risk management principles.
• Perform risk analysis during significant application or system changes.
• Contribute to the risk management framework and related documentation.
• Ensure cybersecurity risks are managed through the organization's risk governance process.
• Carry out cybersecurity risk assessments.
• Work collaboratively to implement and maintain a cybersecurity risk management program.
• Assign individuals to roles associated with the execution of the Risk Management Framework.
• Establish a risk management strategy that includes a determination of risk tolerance.
• Conduct initial and ongoing risk assessments of stakeholder assets.
• Collaborate with officials to ensure continuous monitoring tools provide awareness of risk levels.
• Utilize continuous monitoring tools to assess risk continuously.
• Develop methods to effectively monitor and measure risk, compliance, and assurance efforts.
• Determine and document supply chain risks for critical system elements.

Requirements:

• Minimum bachelor’s degree in Cybersecurity, Information Security, Computer Engineering, Systems Engineering, Telecommunication Engineering, Information Technology, or Computer Science.
• Professional certifications related to Cybersecurity Risk, such as CRISC or Security+, are preferred.
• Minimum of 3 years of experience in Cybersecurity Risk Management.
• Strong skills in planning and organizing, risk analysis, problem-solving, and attention to detail.