Cyber Risk Manager/AM (Red Team) 45-70K + bonus
Your new company
Leading Regional Retail Conglomerate
Your new role
- Plan and execute periodic in-house and external red-team exercises of the company, and oversee the implementation of rectification measures.
- Evaluate existing cyber defences against the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
- Perform pre-launch penetration testing of exchange-related systems, products and applications upon request.
- Monitor and analyse emerging cyber threats to the company, having regard to cyber intelligence and the threat landscape related to relevant Group entities.
- Escalate major cyber risks to senior management and relevant stakeholders in a timely manner, and coordinate measures for addressing the risk.
- Conduct specialist investigation into significant cyber incidents or control lapses.
- Deliver an effective independent cyber security review strategy, covering specialist reviews and tests on cyber security controls.
- Provide specialist support to ongoing cyber awareness training and phishing tests.
- Provide specialist support to the formulation of an effective strategy, framework and structure for managing the company's cyber risk, and to its implementation through collaboration with relevant stakeholders.
- Provide specialist support to the delivery of effective governance on cyber risk, covering the risk appetite, risk metrics, risk monitoring and governance reporting.
What you'll need to succeed
- University degree in information security, computer science, or related fields of study
- At least 5 years of relevant experience in cyber risk management, preferably in the financial services sector or in professional services for clients in the financial services, insurance or retail industry
- Solid experience in monitoring and analysing cyber risk and intelligence, planning and delivering red-team exercises, organizing cyber drills and overseeing cyber incident management, conducting cyber security reviews and tests, cyber forensic practices, cyber awareness training and phishing tests
- Hands-on security operations, threat intelligence, incident response, detection engineering and other related experience would be beneficial
- Demonstrated good knowledge of the IT environment and cyber-related controls from both a tactical and strategic viewpoint
- Proven track record in initiating and implementing significant changes or projects involving different stakeholders and aligning their interests
- At least one relevant certification/accreditation is required, such as CREST (CCSAS/CCSAM/CCT), OSCE3 (OSWE/OSED/OSEP), OSCP, GIAC (GXPN/GCPN/GWAPT/GPEN)
What you need to do now
If you're interested in this role, send your CV to firstname.lastname@example.org