Cyber Security Manager, Cyber Risk - Inmar, Inc.
Winston Salem, NC 27101
About the Job
Primary Accountabilities:
Operational (60%)
Identify and Assess Cyber Risks:
- Proactive threat hunting: Analyzing threat intelligence feeds, monitoring security forums, and researching emerging vulnerabilities to anticipate potential attacks.
- Vulnerability scanning: Reviewing internal and external scans to identify software weaknesses that could be exploited by attackers.
- Security audits: Reviewing security policies, procedures, and technical controls to assess their effectiveness.
- Third-party risk assessment: Evaluating the security posture of vendors and partners who access your data or systems.
Analyze and Quantify Risks:
- Likelihood assessment: Estimating the probability of a specific threat occurring based on historical data, current intelligence, and attacker motivations.
- Impact assessment: Evaluating the potential consequences of a successful attack, considering factors like data breach, financial loss, operational disruption, and reputational damage.
- Exploitability assessment: Determining the ease with which an attacker could exploit a vulnerability or weakness.
- Developing risk matrices: Ranking risks based on their likelihood and impact to prioritize mitigation efforts.
Develop and Implement Risk Mitigation Strategies:
- Auditing the implementation of security tools and technologies like firewalls, intrusion detection systems, and data encryption to prevent or detect attacks.
- Adopt, implement and follow an enterprise risk management framework.
- Developing security policies and procedures: Establishing clear guidelines for user behavior, access control, and incident response.
- Security awareness training: Educating employees about cyber threats and best practices for secure computing.
- Incident response planning: Developing a plan for identifying, containing, and recovering from cyberattacks.
Monitor and Track Risk Metrics:
- Security dashboards: Utilizing tools to visualize real-time security data and track trends over time.
- Vulnerability tracking: Monitoring identified vulnerabilities and ensuring timely patching.
- Security incident analysis: Reviewing past incidents to identify root causes and improve future prevention efforts.
- Reporting and communication: Keeping stakeholders informed about risk posture, mitigation efforts, and incident activity.
Communicate and Collaborate:
- Presenting risk assessments and mitigation plans to leadership.
- Working with IT teams to implement security controls and maintain systems.
- Collaborating with other departments to raise awareness and enforce security policies.
- Communicating effectively during security incidents to minimize disruption and ensure coordinated response.
Administrative (40%)
- Coordinate regular external risk assessments (HIPAA, PCI, etc.) to identify security weaknesses.
- Stay current with the latest security threats and vulnerabilities, and implement appropriate mitigation strategies.
- Prepare and present reports on security risk metrics and trends to senior management.
Required Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- Minimum 3 years of experience in cybersecurity risk management or a similar role; or any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the position.
- Strong understanding of risk assessment methodologies (e.g., NIST, ISO 27001) and risk management frameworks (e.g., NIST, COSO).
- Experience with security tools and technologies such as vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) platforms.
- Certified in Risk and Information Systems Control (CRISC) or equivalent certification preferred.
- Excellent communication, collaboration, and analytical skills.
- Ability to work independently and manage multiple priorities in a fast-paced environment.
Individual Competencies:
- Integrity: Gains the trust of others by taking responsibility for your own actions and telling the truth. Follows through on commitments and agreements; Respects confidentiality; Maintains confidentiality regardless of pressure from others.
- Analytical and Critical Thinking: Ability to tackle a problem by using a logical, systematic, sequential approach.
- Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
- Communication: Giving and receiving messages and information in written, oral, and visual formats concisely for a complete understanding of meaning and intent.
- Effective Execution: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
- Authenticity: Builds legitimacy by being positive, trustworthy, and promoting openness through honest and
- Accountability: Sets clear goals, objectives, expectations, and responsibilities and monitors the process, progress and results to hold self and others accountable for measurable actions and results.
- Urgency: Transfers mission to action by acting clearly and decisively to analyze and implement solutions regardless of pressure or uncertainty and maintains a sense of urgency to complete tasks, accomplish goals, and act in ambiguous and complex situations.
The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.
While performing the duties of this job, the associate is:
- Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.
- Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.
Occasionally: Job requires this activity up to 33% of the time
Frequently: Job requires this activity between 33% - 66% of the time
Regularly: Job requires this activity more than 66% of the time
As an Inmar Associate, you:
- Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
- Treat clients and teammates with courtesy, consideration and tact; you also can perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
- Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually beneficial partnerships, leverage information and achieve results.
- Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
- Understand that results are important and focus on turning mission into action to achieve results following the principles of agile, dynamic execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
- Support a safe work environment by following safety rules and regulations and reporting all safety hazards.