Senior Manager, Cyber Security Risk Management

Posted:
2/5/2026, 2:54:16 PM

Location(s):
KLIA, Selangor, Malaysia ⋅ Selangor, Malaysia

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security


Job Description

WHAT YOU’LL CHAMPION:

  • Cyber Security Risk Management:

    • Implement and maintain a cyber security risk management program, framework, processes, and any relevant mechanisms. Ensure the risk management framework aligns with regulatory requirements (e.g., GDPR, CCPA, HIPAA, PCI-DSS) and industry standards (e.g., NIST CSF, ISO 27001).

    • Oversee and execute comprehensive risk assessments, including cloud security risk and control effectiveness reviews.

    • Support internal and external audits by providing evidence of effective Cyber Security risk management practices.

  • Third-Party Cyber Security Risk Management:

    • Identify and assess risks related to third-party relationships, including vendors and partners (covering supplier tiering, contract assurance, and control implementation throughout the supplier lifecycle), and introduce risk mitigation.

    • Provide strategic cyber risk oversight of third-party relationships, ensuring that they meet security standards, comply with regulations, and maintain a strong security posture across the third-party lifecycle.

  • Cyber Security Risk Mitigation and Remediation:

    • Prioritize and track remediation efforts for all identified cyber-related risks (including third parties) within the risk register, and collaborate with relevant business units to develop effective risk treatment plans.

    • Monitor the effectiveness of implemented security controls and risk mitigation strategies.

  • Data and AI Security:

    • Perform data security assessments (including cyber controls related to data privacy) on the relevant scope to ensure sufficient controls are in place to secure data based on its sensitivity level.

    • Provide Cyber Security assurance or conduct cyber risk assessments on security architectures and protocols specifically for AI/ML systems and their entire lifecycle (data ingestion, model training, deployment, and inference).

  • Reporting and Communication:

    • Prepare and present clear, concise, and business-focused risk reports to business system owners, department heads, executive leadership, and other governance bodies.

    • Communicate complex technical concepts and the residual risk posture in non-technical, business-centric language.

  • Team Leadership and Development:

    • Mentor and lead a team of risk analysts or specialists, fostering a culture of risk awareness and continuous improvement.


 

WHO YOU ARE:

  • At least 10 years of experience in a Cyber Security Risk Management or Governance role.

  • Strong knowledge of current and emerging cyber security risks, and innovative risk management methods.

  • Strong analytical and problem-solving skills to identify and resolve complex security issues.

  • Ability to collaboratively develop a cyber risk strategy in conjunction with numerous and diverse stakeholders.

  • Prior experience with security policy, standards, and controls definition.

  • Strong analytical and critical thinking skills, and excellent written and oral communication and presentation skills.

  • Excellent written and verbal communication skills, including the ability to communicate technical concepts to non-technical audiences.

  • Proven ability to handle high-pressure situations and make critical decisions under time constraints.

  • (Optional) Relevant security certifications or experience in Cyber Security Architecture.