Description
Job Title: Senior Cyber Security Risk Management Analyst
Base Location: Dubai, United Arab Emirates
Job Type: Long-Term Contract (12 Months, Ongoing Extensible)
Salary: $Very Competitive tax-free Package
Job Description:
Overview:
The primary role of the Senior Cyber Security Risk Management Analyst is ownership and end-to-end delivery and sustenance of the cyber risk management framework for the organisation.
Detailed Job Description:
Risk Clinics:
- Understanding various departments, technologies, platforms, applications, processes etc. of the Organisation to enable effective risk management practices
- Conducting detailed risk sessions with individual risk units (application owners, platform/technology owners, department heads etc.) across the organisation to discuss and assess their current risk posture
- Probing risk units for all new/upcoming risks and crystallising them, with their ratings, into the Corporate Risk Register (CRR)
- Discussing and highlighting any overdue risks that need attention and focus to the respective management leads for various areas
- Conducting a review of all high rated risks to validate their current status.
Risk Assessments:
- Leading risk assessments across technologies/applications/systems to determine the level of risk in cases of non-compliance with security policies and standards
- Preparing detailed reports for business overview of risks and their sign-off.
- Proposing alternate controls for risk mitigation
Management Reporting:
- Preparing monthly dashboards of risk status for all areas, highlighting the total number of risks, all significant and overdue risks, and the breakdown of risks (response-wise, rating-wise etc.)
- Conducting discussions around open and overdue significant risks with senior management to provide them visibility and seek their support in closing these risks.
- Deriving Key Risk Indicators (KRIs) on a monthly basis for all the risk units for various attributes, such as number of low, moderate, medium, significant and high risk ratings, open, closed, terminated and overdue risks etc.
General/Other Responsibilities:
- Continuously striving to bring about risk process improvements to enable effective and efficient IT risk management practices across the organisation
- Regularly following up with risk unit owners/risk owners/mitigation action owners for any open/overdue risks in their respective areas.
- Maintaining regular awareness of risks across IT through various channels like broadcasts, clinics, emails etc.
Experience Required:
- Minimum 8 years of experience in Information Security and Risk Management functions.
- Experience in IT Risk, Audit, Compliance and Assurance reviews is preferred