Senior Manager - Cybersecurity Risk

The role is responsible for managing and overseeing the organization’s information security risk management framework. This role ensures that security risks are identified, assessed, mitigated, and reported in alignment with regulatory requirements, business objectives, and industry best practices. He/she also supports incident management, policy development, and compliance initiatives to strengthen the organization’s security posture.

Responsibilities

• Effectively communicate cybersecurity risks and posture to senior management.
• Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems.
• Develop risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
• Develop specific cybersecurity countermeasures and risk mitigation strategies.
• Perform risk analysis whenever an application or system undergoes a major change.
• Carry out a cybersecurity risk assessment.
• Work with others to implement and maintain a cybersecurity risk management program.
• Establish a risk management strategy for the organization that includes a determination of risk tolerance.
• Use continuous monitoring tools to assess risk on an ongoing basis.
• Enforce, incorporate, and comply with all necessary controls and related information security policies.

Requirements

• A tertiary level qualification from a recognized institution.
• Industry-recognized certifications in CISSP, CISM, CISA, CRISC, or ISO 27001 or other relevant certifications preferred.
• Recommended 5 to 7 years of equivalent experience in Enterprise and Information Risk Management and compliance.
• Strong knowledge and understanding of regulatory compliance requirements and internal audit concepts.
• Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude.
• Experience in performing cybersecurity-related impact and risk assessments.