Job Details

We are seeking a proactive and results-driven professional with 3-5 years of solid experience in assessing, managing, and mitigating cyber risk across enterprise environments. The successful candidate must be a self-starter and driver, capable of taking ownership of cybersecurity risk initiativesand ensuring successful project delivery from start to finish. This role is ideal for someone who thrives on translating complex security challenges into actionable risk management strategies and delivering tangible results.

Key Responsibilities

• Risk Assessment & Analysis: Conduct in-depth cyber risk assessments across systems, applications, and vendors to identify threats, vulnerabilities, and control gaps.
• Risk Management: Maintain and enhance the enterprise risk register, monitor remediation progress, and ensure effective risk treatment plans.
• Project Delivery: Lead or support the delivery of cybersecurity risk-related projects and initiatives-ensuring milestones, deliverables, and outcomes are achieved on time and within scope.
• Framework Alignment: Apply and maintain alignment with leading frameworks such as NIST CSF, ISO 27001, CIS Controls, and COBIT.
• Reporting: Produce clear, data-driven reports and dashboards that communicate risk exposure and trends to both technical and business audiences.
• Policy & Governance: Contribute to the development and improvement of cybersecurity policies, standards, and procedures.
• Collaboration: Partner with IT, compliance, and business units to embed risk management practices into operations and projects.
• Continuous Improvement: Stay current with emerging threats, regulatory changes, and industry best practices to proactively enhance the organization's security posture.
• Technical Insight: Demonstrated ability to recognize what "good" looks like from a cyber risk perspective - able to assess the adequacy and maturity of security controls, identify gaps, and recommend practical improvements aligned with best practices and risk appetite.
• Emerging Technologies: Strong knowledge of cloud security principles and risk considerations, including familiarity with public cloud providers (AWS, Azure, GCP), as well as an understanding of the cyber risk implications related to artificial intelligence (AI) technologies and their use within the enterprise.

Qualifications & Experience

• Education: Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent experience).
• Experience: 3-5 years of proven experience in cybersecurity risk management, risk analysis, or compliance within a corporate or regulated environment.
• Track Record: Demonstrated history of driving and delivering cybersecurity or risk management projects or initiatives.
• Certifications (preferred): CRISC, CISSP, CISM, ISO 27001 Lead Implementer, or equivalent.
• Technical Knowledge:
  • Solid understanding of IT systems, network security, cloud environments, and data protection.
  • Familiarity with risk assessment tools, GRC platforms, and vulnerability management solutions.
• Soft Skills:
  • Strong ownership mindset with the ability to drive initiatives independently.
  • Excellent communication and stakeholder management skills.
  • Analytical and detail-oriented, with a focus on execution and continuous improvement.

Must be a builder with an understanding of how to maintain key risk functions.