Job
Description
Description: You'll be responsible for: Ensuring that cybersecurity risk management methods is embedded in Client operations, working with IT functions, other enabling functions, and the business lines across the member firm. Maintaining the operational cybersecurity risk register and Strategic Cyber Risk Dashboard for cybersecurity and provide regular updates to CISO leadership and where required, risk governance committees on the operational risks status. Managing the risk identification, analysis, assessment, treatment, and reporting deliverables, reporting the cybersecurity risk profile, and supporting security governance across the member firm. Providing expert security advice and consultation to our business lines and support functions. Support the work to ensure that GRC framework and methodology is embedded in Client operations, working with IT functions, other enabling functions, and the business lines across the member firm. Working with the business relationship management team, business line business advisers and programme managers to support operation cybersecurity risk management activity. Essential An established background as a security practitioner or consultant Experience in the development of the approach to information risk management and assurance Demonstrable understanding of the cybersecurity risk and controls inherent in various technologies and related security best practices Demonstrable ability to identify risks associated with business processes, operations, cybersecurity programs and technology projects Expert in the concept of strategic risk treatment, including risk avoidance or termination; risk reduction or modification; risk transference or sharing; risk acceptance or tolerance and retention. Have a knowledge and understanding of various Cybersecurity / Information Assurance Frameworks, such as NIST CSF. Have a clear knowledge of security standards, methodologies, or frameworks such as ISO27001 or COBIT Demonstrable ability to work in a fast-paced, deadline driven environment. Excellent verbal and written communication skills with the ability to effectively articulate complex technical terms to both technical and non-technical audiences Demonstrated excellence in a variety of competencies including teamwork, collaboration, analytical thinking, communication and influencing skills, and technical expertise. Desirable Industry accreditation like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) Experience in developing and delivering a cybersecurity risk management framework and methodology within an organisation. Demonstrable understanding and experience in delivering service management techniques and tooling in line with ITILv4.
