Lead - Cyber Risk Management (5-10 yrs)

Experience: 5 to 10 Years.

Job Description:

- We are looking for a Cyber Risk Management Lead to identify and mitigate risks.

- The candidate should have solid task management skills and effective communication abilities.

- They must be able to respond quickly to security incidents and have at least 5 years of experience in Cybersecurity Risk management.

- The ideal candidate should have an understanding and practical experience with enterprise IT infrastructure components like O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi-factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP, etc , along with cloud environments, particularly AWS (required).

Detailed Job Description:

- Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.

- Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.

- Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc.

- Conducting internal security assessments to ensure continued compliance.

- Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture.

- Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls.

- Reviewing RFPs (request for proposal) and providing responses for Cybersecurity related items.

- Managing Risk Governance.

- Implementing/governing AWS Cloud and Office 365 Security.

- Managing and supporting internal and external audits.

- Following up till closure on audit findings if any.

- Managing dashboards and reports to keep track of priority events for IT and IS.

- Creating MOM for Board Meetings.

- Evaluating Vendors for cyber security controls.

- Reviewing firewall rules for On-premises and AWS firewall.

- Creating Security Awareness materials (PPT/e-mailers) and providing training as needed.

- Managing incidents and Business continuity.

- Preparing CISO dashboard and success reports.

- Meeting with business team to understand their business requirements from cyber security perspective.

- Basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.

- Understanding of respective industry best practices (NIST, ISO, OWASP, ITIL).

- Having at least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP).

- Prior experience in management of technology infrastructure is preferred.