Qualification and Experience

• Strong technical background with 5 + years of experience in risk management with proven IT risk and/or IT governance skills.
  
• Certified CRISC/CISA/CISM/CISSP or other relevant qualifications.
  
• An Information Security GRC position with strong knowledge of ISO27001, NIST, OWASP, and PSI-DSS
  
• Knowledge of risk management/cyber security controls and tooling is desirable.
  
• Has strong policy writing experience
  
• Can communicate with Senior Stakeholders about Information risk.
  
• Can build relationships with stakeholders at all levels.
  

• Conduct objective, fact-based risk assessments on new and existing systems and share findings with all stakeholders within the information system.
  
• Managing the IT Risk environment, including related policies, standards, and processes.
  
• Manage the risk portfolio to include linking risk to controls, coordinating control owners to conduct RSCAs, and appropriately documenting control statements.
  
• Understand and provide advice on managing cybersecurity risks; collaborate with other IT professionals as needed to address new emerging threats.
  
• Manage the self-identified issue process; acceptance of issues; tracking SIIs and audit issues to closure.
  
• Develop and implement a cybersecurity defence strategy, including business continuity and disaster recovery procedures.
  
• Identify threats and conduct risk assessments to address cybersecurity risks.
  
• Work with the team to improve the security posture of the business and reduce its risk profile.
  
• Conduct on-site security assessments to measure the effectiveness of the third party's current control environment.
  
• Knowledge and experience in information security standards. (ISO 27001, NIST, CIS, OWASP Top 10, Security Essentials)
  
• Maintain close working relationships with appropriate teams across and outside of IT.