This Job Vacancy has Expired!

Cyber Risk Manager

Boss Professional Services

Posted on Jul 17, 2022 by Boss Professional Services

Dublin, Ireland
Immediate Start
€75k - €80k Annual

Key activities for this role include the following:

  • Identifying industry standards and regulatory guidelines for managing information security in order to minimise the risk of compromise of sensitive business systems.
  • Leading the development, maintenance, and evaluation of organisational security policies and procedures, and working closely with engineering and operations teams to ensure systems controls meet security requirements.
  • Managing and following up on the results of audits of system security and remediation efforts.

Key Responsibilities

  • Design, implement, and maintain the overall IT/cyber security risk management framework across client organisations
  • Perform ongoing oversight and monitoring to ensure compliance by clients with the IT/security risk management framework
  • Support and challenge the assessment of IT and Security risk across all relevant areas of clients and escalate risk and control issues to the clients Chief Risk Officer as required
  • Design and implement appropriate reporting on IT and Security risk status to the Board and appropriate committees
  • Report and monitor the status of this to ensure risks remain within risk appetite and escalate any concerns to the clients Chief Risk Officer as required
  • Support and challenge client's IT with its ongoing/periodic Risk and Control Self-Assessments (RCSAs) and perform Quality Assurance on RCSAs to feedback any concerns
  • Help drive the mitigation of key IT/security risks by identifying and recommending changes to policies and procedures, control enhancements, etc. as needed
  • Maintain awareness of emerging IT/security risks and trends and raise awareness of such risks to the clients' Board, Senior Management, and governance fora/committees as appropriate
  • Identify relevant IT/security regulations, interpret relevant requirements and disseminate these accordingly in the form of actionable requirements to the client's functional areas
  • Provide risk management guidance to client's business and IT teams on IT Outsourcing requirements and initiatives
  • Provide interpretation of IT/security-related regulations and guidelines and disseminate this to clients and monitor compliance with such regulations
  • Develop and monitor IT/security policies and procedures (eg IT policy, Information Security policy, Cyber Security policy, Outsourcing policy) and implement a schedule of regular reviews to ensure that policies are kept relevant and aligned to industry expected standards
  • Work in conjunction with relevant business stakeholders to ensure implementation of operational risk policies, standards, and procedures to achieve effective mitigation and treatment of IT and Security risks
  • Define, develop and implement appropriate IT/security risk assurance capability and associated risk reporting (including key risk indicators)
  • Work closely with the Chief Risk Officer to drive the continued development of the IT/Security risk management framework

Qualifications & Experience

  • 6+ years of experience in IT/Security Risk Management in either a first line or a second line capacity. IT Audit experience is also helpful
  • Experience in developing and maintaining Technology and Security risk frameworks, policies, and guidance
  • The ability to develop and foster strong relationships with relevant business stakeholders;
  • Proven communication skills, ability to work effectively with and influence stakeholders at all levels of an organisation
  • Strong understanding of technology/security risk and control and the business impacts of these risks, in particular, how they impact clients and their reputation
  • Strong communications skills, proven ability to work effectively with and influence the actions of stakeholders at all levels of clients. Credibility to influence Senior Management and wider internal and external stakeholders
  • Strong interpersonal skills and a team player;
  • Professional or third level qualification ideally in Risk, Compliance, Information Technology, Business or Finance
  • Knowledge of Operational Risk requirements and industry guidelines for IT and security risk management and mitigation within financial services
  • Good knowledge in relevant IT/Security domains (eg Application Development, Change Management, Application Security, Security Operations, Cyber Security Monitoring, Vulnerability Management, Incident Management, Identity and Access Management or Cloud Security/Infrastructure)
  • Professional certifications in the field of Operational Risk Management, IT Risk Management, Information Security, Cyber Security, etc. are highly recommended (eg CRISC, CISA, CISM, CISSP, ITIL, COBIT 2019, ISO2700X, NIST CSF, etc.)
  • Successful history in performing internal and/or external audits, including a focus on IT, Information Security, IT Continuity and Resilience, IT Disaster Recovery, and IT Outsourcing risk
  • Successful history of third-party risk management experience. Experience performing third party risk assessments in areas including but not limited to Privacy and Information Security

Reference: 1671028818

Set up alerts to get notified of new vacancies.