Cybersecurity Risk Manager

Company Description

Arηs Group, Part of Accenture, specializes in the management of complex public sector IT projects, including systems integration, informatics and analytics, solution implementation and program management. Our team helps lead clients through digital and information systems design, bringing expertise in a variety of areas ranging from software development, data science and security management to machine learning, cloud, and mobile development.
Arηs Group was acquired by Accenture in July 2024. 

Job Description

• Develop an organisation’s cybersecurity risk management strategy
• Manage an inventory of organisation’s assets
• Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems
• Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential
• Assess cybersecurity risks, and propose most appropriate risk treatment options, including security controls, and risk mitigation and avoidance that best address organisation’s strategy
• Monitor effectiveness of cybersecurity controls and risk levels
• Ensure that all cybersecurity risks remain at an acceptable level for the organisation’s assets
• Develop, maintain, report and communicate complete risk management cycle

Qualifications

• Master's degree plus 9 years of experience.
• Perform risks assessments and analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls
• Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards
• Enable business assets owners, executives, and other stakeholders to make risk informed decisions to manage and mitigate risks
• Enable employees to understand, embrace and follow the controls
• Build a cybersecurity risk-aware environment
• Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices
• Knowledge of cyber threats, threats taxonomies and vulnerabilities repositories
• Knowledge of risk sharing options and best practices
• Knowledge of state of the art technical and organisational controls that appropriately mitigate cybersecurity risks
• Knowledge of monitoring, implementing and testing the effectiveness of the controls
• Analyse and consolidate organisation’s quality and risk management practices
• Communicate, present and report to relevant stakeholders
• Propose and manage risk sharing options
• Excellent knowlegde of English equal to C1 according to CERF levels.
• Experience in making Business Impact Assessments
• Knowledge on risk assessment implementation in GRC Service Now
• Experience in preparing personal data protection documentation and tools for graphical and programmatic threat modelling.
• Experience in threat modelling for DevOps and in designing Zero Trust Architecture
• Experience in Securing Software Development Lifecycle and designing controls for defending Directory Services

At least 4 certification among:

• CISSP (Certified Information Systems Security Professional) 
• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• GSNA (GIAC Certified Systems and Network Auditor)
• GCCC (GIAC Certified Critical Controls)
• ISO 27001 Lead implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• CAP ((ISC)2 Certified Authorization Professional)
• CRISC (ISACA Certified in Risk and Information Systems Control)
• CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional)
• GIAC Certified ISO-27000 Specialist or equivalent certification recognized internationally

Additional Information