Senior Cyber Risk Specialist

Job Summary:

This is a senior-level professional role responsible for driving efforts to support governance, risk, and compliance within an organization. The primary objective of this position is to ensure the effective execution of information security directives and activities in alignment with the company's cyber and information security policy.

The key responsibilities of this role include:

• ">
• Production of regular information security metrics for multiple legal entities and regional governance bodies.">
• Preparation of periodic information security reports for senior management summarizing the risk posture for the business.">
• Guidance on preparing for audits, resolving audit findings, and ensuring closure.">
• Assistance with strengthening controls and processes to pass audits with a satisfactory audit rating for all information security topics with no major issues.">
• Preparation and management of responses to regulatory bodies on behalf of the chief information security officer (CISO) regional leadership.">
• Preparation of management information.">
• Support for governance of risk exceptions, issues, and corrective action plans.">
• Ensuring approvals and reviews are executed when needed.">
• Proactive engagement with counterparts (in different disciplines) and teams to enhance risk oversight.">
• Establishment of communication channels with cross-sector information security officers with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses.">
• Strong stakeholder management skills required to effectively influence and communicate cyber risk.">
• Proactive building of relationships across peers and stakeholders within the geographies.">
• Focus on process improvements, removal of deficiencies, and enhancement of current tools for reducing overall risk profile.">
• Participation in the information security community on committees and cross-business / functional opportunities.">
• Attendance and participation in internal/external forums and risk committees as appropriate.">
• Demonstration of extensive understanding of information security standards and best practices across multiple disciplines.">
• Completion of additional tasks connected with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.">
• Support for the implementation of the information security training plan by verifying training participants completed the training and understand information security requirements.">
• Application of appropriate governance to regional cyber programs.">
• Escalation of significant risks to the Regional/Sector Information Security Leadership for information or required actions.">
• Attendance and participation in internal/external information security forums and risk committees as necessary.">
• Management of audits in line with CISO expectations and in partnership with peers from other product lines.">
• Resolution of non-compliant items through coordination with colleagues across CISO and the legal entities.">
• Support for the development and implementation of CISO policies, standards, and initiatives.">
• Ability to operate with a limited level of direct supervision.">
• Exercise of independence of judgement and autonomy.">
• Acting as SME to senior stakeholders and/or other team members.">

Qualifications:

• ">
• Proficiency in interpreting and applying policies, standards, and procedures.">
• Consistent demonstration of clear and concise written and verbal communication.">
• Proven influencing and relationship management skills.">
• Proven analytical skills.">
• Bachelor's degree/University degree or equivalent experience.">
• Master's degree preferred.">