
Key Accountability Areas
Key Activities
Security Risk Management
• Develop security risk profiles of computer systems by assessing threats to, and vulnerabilities of, those systems.
• Develop security risk mitigation strategies to effectively manage risk in accordance with organizational risk appetite.
• Develop statements of preliminary or residual Cybersecurity risks for system operation.
• Ensure that decisions relating to Cybersecurity are based on sound risk management principles.
• Ensure Cybersecurity risks are identified and managed appropriately through the organization's risk governance process.
• Act as the Cybersecurity risk management liaison with IT and OT departments and others.
• Report to SANS GRC Manager management with regard to risks and other security exposures.
• Manage oversight and monitoring of risk mitigation and coordination of policy and controls with GRC manager, to ensure that risk owners are taking effective remediation steps.
• Develop and direct risk control monitoring programs to ensure cyber risks are managed to the appropriate level of acceptable residual risk.
• Follow up on risks raised and communicated to the business, to ensure that appropriate remediation measures have been taken.
• Develop and provide initial approval of the Cybersecurity risk management policy
• Define the Cybersecurity risk management methodology
• Develop risk assessment reports
• Follow up on Cybersecurity risk actions
• Ensure that Cybersecurity risk management training and awareness is conducted
• Ensure alignment with the enterprise risk management methodology
• Apply and implement the Cybersecurity risk management process
• Perform risk assessments, and follow up on risk status and actions taken in coordination with the risk owners
• Develop and maintain the Cybersecurity risk register
• Perform necessary corrective measures in order to align with the enterprise risk management methodology
• Develop risk assessment reports and send them to the risk management head for approval
• Assign risk ownerships in coordination with the business owners
• Analyze business impact and potential exposure based on emerging security threats, vulnerabilities and risks, and recommend mitigating actions.
Policies, Processes and Procedures
• Conduct day-to-day activities while ensuring compliance to policies and procedures
• Contribute to the identification of opportunities for continuous improvement of systems, processes taking into account leading practices, changes in business environment, cost reduction and productivity improvement
Qualifications for Internal Candidates
Knowledge and Experience
• Minimum of 6 years of experience in Cybersecurity or Information Security.
• Previous engagements in organizations managing critical infrastructure are preferred.
Education and Certifications
• A Bachelor's degree in Computer Science, Computer Engineering, IT, Systems Engineering or equivalent is required.
• ISO27005 Risk Management certification is preferred.
• Relevant Cybersecurity GRC certifications are preferred.
Job ID: 146161327