Senior Manager - Cyber Security Risk Assessment

12 - 15 years

25 - 40 Lacs

Posted: 1 week ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

JOB TITLE:

WORK LOCATION:

Role Summary

The Senior Manager, Cybersecurity Risk Assessment is responsible for leading the Cyber Security Risk Assessment (CSRA) function to evaluate, advise on and remediate security risks across applications, infrastructure and cloud environments. This role owns the end-to-end risk assessment lifecycle: scoping and performing assessments for Web, Mobile, API and thick-client applications, benchmarking against NIST and other standards, validating remediation and driving automation and innovation to scale the team’s output. The Senior Manager will manage a team of security assessors, set performance goals, liaise with engineering and product stakeholders and ensure risk findings are actionable and tracked to closure.

Key Responsibilities

  • Own and execute the CSRA program across applications, infrastructure and cloud, ensuring assessments are timely, consistent and risk-focused.
  • Lead risk assessments for Web, Mobile, API and thick-client applications and for open-source solutions across on-premises, hybrid and SaaS deployment models.
  • Conduct NIST (and relevant standard) benchmarking exercises, identify gaps, prioritize findings and provide clear, practical remediation recommendations.
  • Validate and revalidate observations and remediation implementations to confirm risk reduction and closure.
  • Develop and maintain standard assessment frameworks, templates, playbooks and checklists to ensure repeatability and quality.
  • Drive innovation and automation to reduce manual effort in assessment processes.
  • Partner with application, cloud, infra and DevOps teams to translate security findings into prioritized, deliverable remediation tasks.
  • Present assessment results and risk posture to senior management and stakeholders; clearly articulate business impact and recommended next steps.
  • Manage and coach the CSRA team: recruitment, training, career development and performance management.
  • Establish and track KPIs for the CSRA function, continuously improve throughput, accuracy and stakeholder satisfaction.
  • Ensure assessments align with regulatory and compliance requirements and feed into broader risk and governance programs.

Required Technical Skills and Domain Knowledge

  • Deep understanding of application security testing methodologies and techniques.
  • Strong knowledge of infrastructure security (network segmentation, host hardening, vulnerability management, logging and monitoring).
  • Proven experience in cloud security (AWS, Azure or GCP): identity and access management, network design, data protection, secure configuration and cloud-native security controls.
  • Experience assessing security of Web, Mobile, API and thick-client applications; familiarity with OWASP Top 10, mobile threats and API security patterns.
  • Expertise evaluating open-source components and associated supply-chain risks; ability to assess licensing, vulnerability exposure and mitigation strategies for on-prem, hybrid and SaaS solutions.
  • Practical experience with NIST frameworks (SP 800 series), SWIFT CSP, CIS benchmarks or equivalent standards and translating benchmark gaps into remediation plans.
  • Familiarity with security automation tools and platforms (CI/CD integration, scanning orchestration, ticketing integrations, reporting/dashboards).
  • Strong hands-on skills with common security tooling: vulnerability scanners, SAST/DAST, dependency scanners, penetration testing toolkits and cloud security posture management (CSPM).

Leadership, Communication and Process Skills

  • Experience leading and scaling a security assessment team; strong people management and performance review capabilities.
  • Excellent stakeholder management and influencing skills; ability to work with engineering, product and operations teams to drive remediation.
  • Strong written and verbal communication; able to produce clear, concise risk reports and present to technical and non-technical audiences.
  • Process-oriented mindset with a track record of defining and improving assessment workflows, SLAs and quality controls.
  • Strong project and program management skills, with the ability to prioritize work across multiple concurrent assessments.

Qualifications & Experience

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, or related field
  • 12-16 years of experience in cybersecurity, with at least 5 years in risk assessment or GRC roles
  • Professional certifications such as CISSP, CISM, CRISC, or CISA preferred
  • Strong knowledge of cybersecurity frameworks, risk methodologies and threat landscapes
  • Experience with cloud security (AWS, Azure, GCP) and third-party risk management preferred.

Why Join Us?

  • Be at the forefront of cybersecurity strategy and innovation
  • Work with cross-functional teams to protect critical assets and data
  • Influence enterprise risk posture and drive meaningful change

Employment Type

  • All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent

Reserve Bank Information Technology

Banking / Financial Services / Information Technology

Sydney
