Cyber Security, Risk Management Specialist

Job Summary

 The Risk Management Specialist will lead strategic efforts—under management oversight—to identify, assess, and track cybersecurity and digital technology risks to the organization. The Specialist will work closely with management to shape and mature the risk management strategy and will take ownership of executing that strategy across Digital Technology.

This includes overseeing risk posture monitoring, supporting and tracking remediation efforts, and leading the development of risk reporting in various formats. The Specialist will also drive risk reviews and issue assessments related to control and policy exceptions across the environment. The role requires strong collaboration with cybersecurity, digital technology, and IT teams, as well as business stakeholders, to effectively document, report on, and mitigate technology-related risks

Essential Functions

• Maintain the cybersecurity and digital technology risk register and issue register, including tracking of risk prioritization, remediation status, and risk trajectory across the organization.
• Support the execution of cybersecurity and digital technology risk assessments across the enterprise to inform leadership decisions related to risk and business strategy.
• Assist in the development and maintenance of metrics and dashboards that measure risk program progress and highlight trends in the technology environment.
• Review and document exception requests to standard cybersecurity and digital technology controls, identifying associated risks to inform leadership review and approval.
• Lead process improvement efforts that enhance and mature the effectiveness and efficiency of cybersecurity and digital technology risk management practices.
• Business and Interpersonal Expectations:
  • Communicate and collaborate effectively and professionally with peers, management, and business stakeholders across technical and non-technical teams.
  • Maintain strict confidentiality regarding sensitive company information and identified risks.
  • Keep management informed of developments within assigned areas of responsibility and support special projects as requested.

Qualifications

• Bachelor’s or Master’s Degree in Cyber Security, Computer Science, Risk Management (or other related field), or equivalent work experience.
• Duration:
  • 3+ years of IT or information security, and
  • 3+ years of risk management
• Activities:
  • Practical experience with risk management activities.
  • Executed risk assessments across large scale environments.
  • Worked in process-driven structured environments and participated in process optimization activities.
• Competencies:
  • Knowledge of cybersecurity and technology risk frameworks
  • Proactive identification and solving of complex problems
  • Effective communication of complex concepts to a non-technical audience
  • Excellent written and verbal communication skills