Technology and Cyber Risk Manager
IE, D18 PX68
Ardagh Group
Ardagh Group is a global supplier of sustainable metal & glass packaging solutions. We are one of the preferred glass packaging manufacturers of the world's leading brands.
Cybersecurity Risk Manager
The Cybersecurity Risk Manager will collaborate closely with and report to the Head of Technology and Cyber Risk to implement and improve on the risk management framework and artifacts for cybersecurity risk management.
Your primary responsibility will be to oversee and manage the risk assessment and assurance processes for all cybersecurity risks, including those associated with third-party technology vendors and partners. This role ensures that all cybersecurity practices comply with company policies, industry regulations and best practices, and the ideal candidate will have a strong background in cybersecurity, risk management, and vendor management.
You will use your strong communication and relationship building skills to foster robust relationships across the business including stakeholders within procurement, IT, legal and compliance.
Key Responsibilities
Policy and Standards Development:
- Support the improvement, maintenance and reporting of comprehensive Technology and Cybersecurity risk management policies, procedures, and guidelines in line with industry standards and regulatory requirements.
- Identify and recommend risk mitigation strategies and control enhancements, working closely with the business, Cyber Security, IT, procurement, and vendors to ensure compliance.
Cyber Risk Assessments:
- Direct the Technology and Cyber Risk team in undertaking thorough risk assessments to evaluate risk exposure, security controls, and compliance with industry standards and regulations.
Due Diligence:
- Manage and direct the team through the activity of performing due diligence on new and existing third-party technology relationships, including reviewing security and technology policies, compliance documentation, contractual terms, and technical controls.
Monitoring and Reporting:
- Continuously monitor technology and cybersecurity risk activities and performance, providing regular reports to senior management on risk status and mitigation efforts.
- Create and maintain comprehensive documentation of assessments, risk profiles, and mitigation plans.
Collaboration:
- Work closely with internal stakeholders, including IT, legal, procurement, and compliance teams, to ensure a comprehensive approach to cybersecurity and technology risk management.
Training and Awareness:
- Develop and conduct training sessions and awareness programs for employees on technology and cybersecurity risk management and compliance requirements.
Incident Management:
- Act as the main contact and lead investigations and response efforts for any cybersecurity incidents involving 3rd parties, ensuring collaboration with the Security Operations team and driving timely resolution while maintaining accurate documentation. Communicate findings to all relevant senior stakeholders.
Continuous Improvement:
- Stay up to date with industry trends and best practices in cybersecurity and technology risk management and identify opportunities for process improvements, implementing best practices to enhance the risk management program.
Qualifications/Education
- Bachelor’s degree or equivalent experience in Information Security/Technology, Cybersecurity, or equivalent.
- An MSc in Information Security/Technology, Cybersecurity, or equivalent would be an advantage.
Certification
- Information Security and/or Risk Management certifications such as CRISC, CISM, CISA, CISSP, CTPRP, etc., are preferred.
Knowledge and Skills
- Strong understanding of technology risk management, information security, and regulatory compliance.
- Excellent communication and interpersonal skills with the ability to effectively engage with a wide range of stakeholders with varying levels of technical and security knowledge.
- Experience working with and reporting to senior leadership would be very beneficial.
- Analytical mindset with the ability to assess complex technology issues and environments and identify potential risks.
- Proven ability to work independently and collaboratively in a cross-functional team environment.
- Strong organizational skills, attention to detail, and the ability to manage multiple tasks simultaneously.
- Ability to work independently, under general guidance.
- Strong analytical and problem-solving skills with the ability to exercise mature judgment.
- Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively.
- Fluent in spoken and written English.
Experience
- Five years of experience in cybersecurity risk management, including experience in managing assessment frameworks.
- Experience managing small global teams with a strong ability to manage and adapt to changing priorities.
- Experience in managing 3rd party assessments for all categories of suppliers (MSPs, SaaS, IaaS, PaaS, Professional Services, etc.).
- Experience working with SAP.
- Experience with workflow automation tools, specifically Microsoft Power Apps and Power Automate.
Perks/benefits: Career development Team events