Cyber Risk Specialist

Responsibilities:

• Collaborate with IT, security, and compliance teams to assess the organization's cyber risk landscape and develop risk management strategies.
  
• Conduct thorough cyber risk assessments to identify vulnerabilities and potential threats across systems, networks, applications, and data.
  
• Analyze and evaluate the effectiveness of existing cybersecurity controls and practices to identify gaps and areas for improvement.
  
• Develop and implement risk mitigation plans and strategies to address identified vulnerabilities and weaknesses.
  
• Monitor and assess emerging cyber threats, vulnerabilities, and attack trends, and provide recommendations for proactive risk management.
  
• Contribute to the development and implementation of cybersecurity policies, procedures, and guidelines.
  
• Collaborate with internal and external stakeholders to ensure compliance with relevant regulatory frameworks and standards (e.G., GDPR, ISO 27001, NIST).
  
• Assist in conducting internal and external cybersecurity audits and assessments.
  
• Provide technical expertise and guidance to teams involved in incident response and recovery efforts.
  
• Develop and deliver cybersecurity training and awareness programs to educate employees about best practices and security measures.
  
• Stay up-to-date with the latest cybersecurity trends, tools, and technologies to inform risk assessment and mitigation strategies.
  
• Prepare and present comprehensive reports on cyber risk assessments, findings, and recommendations to leadership.
  

Requirements:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent practical experience).
  
• Proven experience as a Cyber Risk Specialist, Cybersecurity Analyst, or similar role, with a deep understanding of cybersecurity principles and risk management.
  
• Strong knowledge of cyber threat landscape, attack vectors, and common vulnerabilities.
  
• Familiarity with industry cybersecurity frameworks and standards such as NIST, ISO 27001, CIS Critical Security Controls.
  
• Experience in conducting risk assessments, vulnerability assessments, and penetration testing.
  
• Strong understanding of network and system security principles, including firewalls, intrusion detection/prevention systems, encryption, and authentication protocols.
  
• Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively.
  
• Knowledge of security tools and technologies, including SIEM, IDS/IPS, antivirus, and endpoint security solutions.
  
• Effective communication skills to convey technical concepts to non-technical stakeholders.
  
• Ability to work collaboratively in a team environment and across different departments.
  
• Relevant cybersecurity certifications (e.G., CISSP, CISM, CRISC) are a plus.
  
• Experience with incident response and business continuity planning is advantageous.
  
• Familiarity with cloud security and mobile security best practices is a plus.
  
• Understanding of legal and regulatory requirements related to data protection and privacy is beneficial.