IS Risk Manager

Role and Responsibilities:

• Conduct security risk assessments, monitor organizational compliance, and ensure effective prioritization and remediation of cyber risks within agreed SLAs.
• Identify cloud-related risks, assess business impacts, and develop actionable mitigation strategies aligned with governance and control measures.
• Perform audits, manage gap analyses, and ensure compliance with standards like ISO/IEC 27001, PCI DSS, and NIS 2, including readiness and monitoring activities.
• Develop and maintain a corporate-wide Business Continuity Plan addressing recovery and emergency response, ensuring alignment with business and regulatory requirements.
• Create, implement, and maintain security policies, procedures, and awareness training programs to enhance organizational security posture.
• Collaborate with stakeholders, including Legal and third-party vendors, to manage security requirements, regulatory compliance, and operational decision alignment with policies.
• Facilitate ongoing improvement by analyzing risks, regulatory updates, and stakeholder feedback, ensuring effective communication and presentation of security findings.

Skills & Experience:

• Extensive experience in security governance, risk, and compliance, including auditing IT systems, leading ISO 27001 certification processes, and conducting security risk assessments.
• Proven expertise in business continuity, cloud security, GRC tools, and virtualization technologies, with the ability to share technical knowledge across teams.
• Strong management and leadership skills, adept at setting goals, delegating tasks, and ensuring objectives are met in dynamic, deadline-oriented environments.
• Exceptional communication and interpersonal skills, capable of interacting with diverse groups, including executives and technical teams, and delivering effective presentations and training.
• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer, combined with a relevant degree or equivalent experience in information security fields.
• Demonstrated ability to work independently with a proactive, results-driven mindset, while fostering team collaboration and maintaining focus on service delivery.
• Strategic thinker with a global perspective, innovative approach, and technical depth to lead discussions on cloud application security technologies and enterprise solutions.