Cyber Risk Management Lead

Job Description :

• Understanding applicable regulations, guidelines , and industry best practices to manage risk and ensure compliance
• Developing, maintaining, or auditing security documentation such as policies, standards, and procedures
• Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc
• Conducting internal security assessments to ensure continued compliance
• Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture
• Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls
• Should be able to review RFPs (request for proposal) and provide responses for Cyber security related items
• Manage Risk Governance
• Implement / govern AWS Cloud and Office 365 Security
• Manage and support internal and external audits
• Follow up till closure on audit findings if any
• Manage dashboards and reports to keep track of priority events for IT and IS
• Create MOM for Board Meetings
• Vendor Evaluation for cyber security controls
• Firewall rules review for On-premises and AWS firewall
• Security Awareness : Create materials PPT / e-mailers and provide training as needed
• Incident management and Business continuity
• CISO dashboard and success reports
• Meet with business team to understand their business requirements from cyber security perspective
• Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.)
• Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL)
• At least one security certification is strongly preferred , such as Certified Information Security Management (CISM),
• Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
• Prior experience of management of technology infrastructure is preferred

ref : hirist.tech)