Responsibilities:
- Collaborate with IT, security, and compliance teams to assess the organization's cyber risk landscape and develop risk management strategies.
- Conduct thorough cyber risk assessments to identify vulnerabilities and potential threats across systems, networks, applications, and data.
- Analyze and evaluate the effectiveness of existing cybersecurity controls and practices to identify gaps and areas for improvement.
- Develop and implement risk mitigation plans and strategies to address identified vulnerabilities and weaknesses.
- Monitor and assess emerging cyber threats, vulnerabilities, and attack trends, and provide recommendations for proactive risk management.
- Contribute to the development and implementation of cybersecurity policies, procedures, and guidelines.
- Collaborate with internal and external stakeholders to ensure compliance with relevant regulatory frameworks and standards (e.g., GDPR, ISO 27001, NIST).
- Assist in conducting internal and external cybersecurity audits and assessments.
- Provide technical expertise and guidance to teams involved in incident response and recovery efforts.
- Develop and deliver cybersecurity training and awareness programs to educate employees about best practices and security measures.
- Stay up to date with the latest cybersecurity trends, tools, and technologies to inform risk assessment and mitigation strategies.
- Prepare and present comprehensive reports on cyber risk assessments, findings, and recommendations to leadership.
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent practical experience).
- Proven experience as a Cyber Risk Specialist, Cybersecurity Analyst, or in a similar role, with a deep understanding of cybersecurity principles and risk management.
- Strong knowledge of the cyber threat landscape, attack vectors, and common vulnerabilities.
- Familiarity with industry cybersecurity frameworks and standards such as NIST, ISO 27001, and CIS Critical Security Controls.
- Experience in conducting risk assessments, vulnerability assessments, and penetration testing.
- Strong understanding of network and system security principles, including firewalls, intrusion detection/prevention systems, encryption, and authentication protocols.
- Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively.
- Knowledge of security tools and technologies, including SIEM, IDS/IPS, antivirus, and endpoint security solutions.
- Effective communication skills to convey technical concepts to non-technical stakeholders.
- Ability to work collaboratively in a team environment and across different departments.
- Relevant cybersecurity certifications (e.g., CISSP, CISM, CRISC) are a plus.
- Experience with incident response and business continuity planning is advantageous.
- Familiarity with cloud security and mobile security best practices is a plus.
- Understanding of legal and regulatory requirements related to data protection and privacy is beneficial.