Cyber Risk Analyst

Support the team in implementing and maintaining a risk-based approach to prioritize the development of secure patterns for high-risk assets or activities.

Cooperate with group structures for cyber risk management activities.

Utilize the corporate cyber risk management platform to manage the cyber risk register.

Manage the Exceptions process related to policies, standards, and guidelines.

Monitor and review security controls to assess their operational effectiveness.

Facilitate audits and address any findings noted by the cybersecurity department.

Support cybersecurity compliance efforts related to GDPR, SOX, and PCI/DSS.

Provide comprehensive reporting to management on all aspects of cyber risk as required.

Metrics and Reporting:

1. Create reports on risk status, KRIs, and communicate findings during Enterprise Risk Committee meetings.
2. Develop visual dashboards for board directors to monitor risks.
3. Evaluate the effectiveness of adopted metrics.

Requirements:

1. Master’s degree in computer science or Telecommunication Engineering.
2. Knowledge of norms and standards in privacy and information security (HIPAA, NY DFS, GDPR, CCPA, ISO/IEC 27000, NIST, PCI DSS, etc.).
3. Familiarity with main Risk Management / Control Frameworks (COSO, COBIT, ISO, ITIL, NIST, FAIR, etc.).
4. Ability to articulate cyber risk management concepts to diverse audiences.
5. Proficiency with cyber risk management tools and experience in their use.
6. Strong understanding of ICT services and architectures.
7. Certifications such as CISSP, CISA, CISM, SANS GIAC, SABSA are considered a plus.

Experience:

1. 2-4 years in a similar role.
2. Excellent verbal and written communication skills.
3. Constructive and proactive stakeholder interaction, respecting diverse work roles and needs.

Sede