Cyber Risk Manager (The Risk Navigator) - Unreal Gigs
San Francisco, CA
About the Job
Introduction:
Are you a cybersecurity professional with a knack for identifying, assessing, and mitigating cyber risks in today’s fast-paced digital landscape? Do you have the strategic mindset to design risk management frameworks that help organizations stay ahead of potential threats? If you’re passionate about guiding companies through the complex world of cyber risks while balancing security with business needs, then our client has the perfect opportunity for you. We’re searching for a Cyber Risk Manager (aka The Risk Navigator) to lead our efforts in managing and minimizing cyber risks.
Imagine being the go-to person for all things related to cyber risk, working with teams across the organization to create proactive solutions that protect against potential threats. As the Cyber Risk Manager at our client, you’ll be responsible for developing risk management strategies, performing risk assessments, and ensuring that cyber risks are effectively communicated and mitigated. This role is about more than just identifying risks—it’s about building resilient frameworks that keep the organization safe in an ever-evolving threat landscape.
Key Responsibilities:
- Risk Assessment and Analysis:
- Conduct thorough assessments of the organization’s digital assets to identify potential cyber risks and vulnerabilities. You’ll evaluate the likelihood and impact of these risks and provide detailed reports with actionable insights for mitigation.
- Develop, implement, and maintain a comprehensive cyber risk management framework that aligns with industry standards such as NIST, ISO 27001, and COBIT. You’ll establish processes for identifying, analyzing, and addressing cyber risks on an ongoing basis.
- Work with IT, security, and business teams to develop and implement risk mitigation strategies. You’ll ensure that appropriate controls are in place to protect critical assets and that these controls are regularly reviewed and updated.
- Communicate cyber risks to senior leadership, business units, and technical teams, ensuring that everyone understands potential threats and the necessary steps to mitigate them. You’ll create reports and presentations that highlight key risks and progress on risk reduction efforts.
- Ensure that the organization’s risk management practices comply with relevant regulations such as GDPR, HIPAA, and PCI-DSS. You’ll prepare for audits, manage compliance reporting, and help the organization maintain a strong regulatory posture.
- Assess and manage cyber risks related to third-party vendors, ensuring that their security practices align with organizational standards. You’ll conduct vendor risk assessments and ensure that third-party relationships are managed securely.
- Collaborate with the security and incident response teams to address cyber incidents and integrate lessons learned into the risk management framework. You’ll adapt risk strategies based on emerging threats and evolving business needs.
Requirements
Required Skills:
- Risk Management Expertise: Strong understanding of cyber risk management frameworks (e.g., NIST, ISO 27001, COBIT) and industry best practices. You can design, implement, and maintain risk management programs tailored to business needs.
- Analytical Skills: Exceptional analytical skills with the ability to assess complex risks, prioritize them based on business impact, and develop practical solutions. You’re skilled at quantifying and communicating risks to both technical and non-technical stakeholders.
- Compliance Knowledge: Familiarity with regulatory requirements such as GDPR, HIPAA, PCI-DSS, and the ability to ensure that risk management practices align with these regulations. You know how to balance compliance with security best practices.
- Communication Skills: Excellent communication and interpersonal skills, with the ability to present cyber risk information clearly to senior leadership and technical teams. You ensure that risk is a shared responsibility across the organization.
- Incident Response Experience: Experience working with incident response teams to address cyber risks during and after security incidents. You’re skilled at using incidents as learning opportunities to improve the overall risk posture.
- Problem-Solving and Strategic Thinking: Strong problem-solving and critical thinking skills, with the ability to develop strategic risk mitigation plans that align with the company’s objectives and priorities.
- Humor: A great sense of humor, because even in the serious world of cyber risk management, we believe in creating a positive and enjoyable work environment. If you can navigate tough discussions about risk while keeping the mood light, you’re our kind of manager.
Educational Requirements:
- Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Risk Management, or a related field. Equivalent experience with a proven track record in cyber risk management is also valued.
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified in Risk Management Assurance (CRMA) are highly desirable.
Experience Requirements:
- 5+ years of experience in cyber risk management or cybersecurity, with a focus on identifying and mitigating risks in complex IT environments. You’ve successfully designed and implemented risk management programs.
- Proven experience working with compliance frameworks such as NIST, ISO 27001, and PCI-DSS, and managing risk within regulated industries such as finance, healthcare, or government.
- Experience assessing third-party vendor risks and managing risk in cloud or hybrid environments is a plus.
Benefits
- Health and Wellness: Comprehensive medical, dental, and vision insurance plans with low co-pays and premiums.
- Paid Time Off: Competitive vacation, sick leave, and 20 paid holidays per year.
- Work-Life Balance: Flexible work schedules and telecommuting options.
- Professional Development: Opportunities for training, certification reimbursement, and career advancement programs.
- Wellness Programs: Access to wellness programs, including gym memberships, health screenings, and mental health resources.
- Life and Disability Insurance: Life insurance and short-term/long-term disability coverage.
- Employee Assistance Program (EAP): Confidential counseling and support services for personal and professional challenges.
- Tuition Reimbursement: Financial assistance for continuing education and professional development.
- Community Engagement: Opportunities to participate in community service and volunteer activities.
- Recognition Programs: Employee recognition programs to celebrate achievements and milestones.