Cyber Risk Management Specialist

2 weeks ago


Washington, Washington, D.C., United States TEKsystems Full time

Position Overview: Cyber Risk Management Specialist

Remote Work Opportunity - Occasional Office Visits Required.

Essential Qualifications:

a) Proven technical security experience with a diverse array of Azure services.

b) Microsoft Certified: Cybersecurity Architect Expert.

c) In-depth knowledge of:

• Azure Cloud and Microsoft 365 security frameworks, solutions, and upcoming developments.

• Azure Key Vault, Azure Kubernetes Service, Azure Active Directory, Defender for Cloud, Azure Monitor, Azure API Management, Application Gateway.

Additional certifications in other Azure security domains are advantageous.

Role Description:

Under the guidance of the Section Chief (Governance, Risk, Compliance & Data Security), the Cyber Risk Management Specialist will deliver expertise in information risk management and IT security. This role encompasses risk evaluation, advisory services, policy formulation, standards development, and enhancement of best practices. The candidate will collaborate with project teams, service providers, and various business units both within and outside the IT function. The ideal candidate will possess practical risk management experience, enabling the organization to fulfill its current and future business objectives while adhering to established security policies and risk appetite.

Key Responsibilities:


• Conduct comprehensive information security risk assessments (Certification and Accreditation) for projects, new technologies, external service providers, and IT modifications. Provide guidance on suitable risk mitigation strategies.


• Effectively communicate requirements and train staff and managers in IT divisions to recognize and manage risks throughout the project lifecycle.


• Report on risk metrics to IT management and governance bodies.


• Maintain impartiality regarding IT systems to generate unbiased reports on information security risks.


• Perform quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.


• Oversee the engagement process with external risk assessment providers and act as a liaison with internal IT project teams and business units.


• Support the organization's ISO 27001 certification by promoting adherence to policies and standards among IT staff and managers. Stay informed about international information security standards such as ISO 27001/27002 and relevant regulations.


• Assist in developing the organization's enterprise security architecture standards across business, information, infrastructure, and application levels. Provide subject matter expertise on enterprise security architecture and influence the selection of tools and technologies to uphold security architecture standards.


• Advocate for information security by collaborating closely with IT project team leaders, service providers, and business units to offer security-related technical solutions. Identify opportunities for enhancing business practices or IT security processes.


• Analyze, recommend, and implement process improvements within the context of information security.


• Collaborate with IT project teams to formulate implementation plans for new security-related products and services.


• Coordinate the preparation and presentation of user technical support and training materials to ensure the effective and secure use of information and communication technology.


• Facilitate and support security governance initiatives.


• Prioritize, monitor, and evaluate compliance and audit recommendation outcomes to ensure they are thorough, robust, and of high quality.

Experience Requirements:


• Experience in Information Risk Management within organizations with regulatory compliance mandates.


• Implementation of Vendor Risk Assessment frameworks.


• Demonstrated IT Security expertise across infrastructure, network, applications, and database technologies, including endpoints.


• Participation in delivering Enterprise Security Architecture principles and service management concepts, along with experience using quality assurance tools and techniques.


• Proven track record in enhancing Application Security processes and minimizing vulnerabilities.


• General infrastructure Vulnerability Management experience.


• Familiarity with incident response processes.


• Application of project management and systems development methodologies, including managing IT administrative and capital development project budgets.


• Delivery of Security awareness initiatives.


• Knowledge of administrative regulations, processes, and technology capabilities.

Skills:


• Broad technological familiarity complemented by in-depth knowledge in specific relevant areas.


• Quick comprehension of new technologies and their application to achieve business objectives.


• Analytical skills that enable the synthesis of inputs from various sources, facilitating strategic thinking and tactical execution.


• Interpersonal skills that foster openness and trust among colleagues.


• Facilitation and conflict management skills that promote effective working relationships.


• Strong spoken and written communication skills, capable of articulating complex technical concepts to non-technical stakeholders.


• Pragmatic security expertise with the ability to balance security requirements with business realities.


• Excellent relationship management capabilities.


• Ability to manage multiple tasks simultaneously.


• Lateral thinking skills to propose detailed, complex solutions to technical challenges.

Educational Background:


• Advanced degree in Information Security with a minimum of 5 years of experience in regulated industries as an information risk manager or IT security architect; or


• Bachelor's degree in Information Security with a minimum of 10 years of experience in regulated industries as an information risk manager or IT security architect; or


• Advanced university degree in computer science, engineering, mathematics, business, or a related field, plus a minimum of 12 years of relevant experience in regulated industries as an information risk manager or IT security architect.


• Experience in delivering an IT Security Strategy and Architecture.


• Conducting Information Security Risk and architecture assessments, including consulting on threat modeling and appropriate tiering of N-tier applications.


• Consulting on the implementation of authentication, authorization, and cryptography mechanisms within applications.


• Experience with Identity and Access Management suite integration, Web services, and SOA security.


• Defining policies, standards, and guidelines for Information Security activities, including Application and Infrastructure Security Vulnerability management.


• Ability to consult on hardening application and infrastructure components and ensuring security integration into the SDLC.


• Managing and reviewing outputs of Application and Infrastructure Security assessments conducted by external security firms.


• Knowledge of OWASP, WASC, SANS, CVE, and CVSS.

General Security Knowledge:


• Familiarity with ISO 27001: knowledge, implementation, and management.


• Understanding of risk management concepts and principles, including assessment, prioritization, and delivery of treatment plans.


• Embedding security into processes such as SDLC and ITIL.


• Basic project management and consultancy skills.


• Knowledge of security solutions, current threats, and countermeasures.

Certifications: (Minimum + at least 2 preferred)


• CISSP (minimum).


• GIAC, GSSP-NET, GWAPT, GPEN (preferred).


• CISM (preferred).

Skills Required:

Risk analysis, risk assessment, CISSP, information security, IT risk, security controls, CCSP, risk management, security compliance, Azure, assessment, certification.

About TEKsystems:

We are partners in transformation, assisting clients in activating ideas and solutions to leverage new opportunities. Our team of 80,000 professionals collaborates with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe, and Asia. As an industry leader in Full-Stack Technology Services and Talent Services, we work with forward-thinking leaders to drive meaningful change. This is the essence of true partnership. TEKsystems is a proud member of the Allegis Group.

TEKsystems is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information, or any characteristic protected by law.


