Cyber Risk Management Lead

Job Description

Experience: 5 to 10 Years Job Description We are looking for a Cyber Risk Management Lead to identify and mitigate risks. The candidate should have solid task management skills and effective communication abilities. They must be able to respond quickly to security incidents and have at least 5 years of experience in Cybersecurity Risk management. The ideal candidate should have an understanding and practical experience with enterprise IT infrastructure components like O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi-factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP, etc., along with cloud environments, particularly AWS (required). Detailed Job Description Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance Developing, maintaining, or auditing security documentation such as policies, standards, and procedures Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc. Conducting internal security assessments to ensure continued compliance Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls Reviewing RFPs (request for proposal) and providing responses for Cybersecurity related items Managing Risk Governance Implementing/governing AWS Cloud and Office 365 Security Managing and supporting internal and external audits Following up till closure on audit findings if any Managing dashboards and reports to keep track of priority events for IT and IS Creating MOM for Board Meetings Evaluating Vendors for cyber security controls Reviewing firewall rules for On-premises and AWS firewall Creating Security Awareness materials (PPT/e-mailers) and providing training as needed Managing incidents and Business continuity Preparing CISO dashboard and success reports Meeting with business team to understand their business requirements from cyber security perspective Basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.) Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL) Having at least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP) Prior experience in management of technology infrastructure is preferred Skills: incident management,proxy,ips/ids/hips,dns,cyber,risk governance,internal security assessments,routers/switches,security documentation,multi-factor authentication,risk,dhcp,risk management,o365 suite,av/edr,advanced firewalls,security,audit requirements,vendor evaluation,vpn,security certifications (cism, crisc, cissp),web proxy,cloud,aws,virtualization,waf,dlp,industry best practices (nist, iso, owasp, itil),task management,cybersecurity risk management,business continuity,cyber security,effective communication,email systems/security