WHAT YOU'LL CHAMPION:
Cyber Security Risk Management:
- Implement and maintain a cyber security risk management program, framework, processes, and any relevant supporting mechanisms. Ensure the risk management framework aligns with regulatory requirements (e.g., GDPR, CCPA, HIPAA, PCI-DSS) and industry standards (e.g., NIST CSF, ISO 27001).
- Oversee and execute comprehensive risk assessments, including cloud security risk and control effectiveness reviews.
- Support internal and external audits by providing evidence of effective Cyber Security risk management practices.
Third-Party Cyber Security Risk Management:
- Identify, assess (including supplier tiering, contract assurance, and control implementation reviews throughout the supplier lifecycle), and introduce risk mitigations for third-party relationships, including vendors and partners.
- Provide strategic cyber risk oversight of third-party relationships, ensuring that they meet security standards, comply with regulations, and maintain a strong security posture across the third-party lifecycle.
Cyber Security Risk Mitigation and Remediation:
- Prioritize and track remediation efforts for all identified cyber-related risks (including third-party risks) within the risk register, and collaborate with relevant business units to develop effective risk treatment plans.
- Monitor the effectiveness of implemented security controls and risk mitigation strategies.
Data and AI Security:
- Perform data security assessments (including cyber controls related to data privacy) on the relevant scope to ensure sufficient controls are in place to secure data according to its sensitivity level.
- Provide cyber security assurance for, or conduct cyber risk assessments of, security architectures and protocols for AI/ML systems across their entire lifecycle (data ingestion, model training, deployment, and inference).
Reporting and Communication:
- Prepare and present clear, concise, and business-focused risk reports to business system owners, department heads, executive leadership, and other governance bodies.
- Communicate complex technical concepts and the residual risk posture in non-technical, business-centric language.
Team Leadership and Development:
- Mentor and lead a team of risk analysts or specialists, fostering a culture of risk awareness and continuous improvement.
WHO YOU ARE:
- At least 10 years of experience in a Cyber Security Risk Management or Governance role
- Strong knowledge of current and emerging cyber security risks, and innovative risk management methods
- Strong analytical and problem-solving skills to identify and resolve complex security issues.
- Ability to collaboratively develop a cyber risk strategy in conjunction with numerous and diverse stakeholders
- Prior experience with security policy, standards, and controls definition
- Strong critical thinking skills, and excellent written and verbal communication and presentation skills, including the ability to communicate technical concepts to non-technical audiences.
- Proven ability to handle high-pressure situations and make critical decisions under time constraints.
- (Optional) Relevant security certifications or experience in cyber security architecture.