Job Description:
- The Cybersecurity Risk Specialist is responsible for identifying, assessing, and mitigating cybersecurity risks across the organization.
- This role requires in-depth knowledge of risk management frameworks, threat modeling, and security controls to protect sensitive information and ensure compliance with the National Cybersecurity Authority (NCA) standards and regulations.
- The Risk Specialist will work collaboratively with cross-functional teams to implement effective risk management strategies and support the organization’s digital transformation goals.
Duties and Responsibilities:
- Develop, implement, and maintain the organization's cybersecurity risk management framework in alignment with industry standards (NCA Regulations, ISO 27005, ISO 31000 & NIST).
- Conduct comprehensive risk assessments to identify vulnerabilities, threats, and risks associated with IT systems, networks, and applications.
- Collaborate with internal departments to ensure security policies and controls are integrated into business processes.
- Analyze the effectiveness of existing security measures and provide recommendations and improvements to mitigate risks.
- Monitor and report on the organization's cybersecurity risk posture, providing regular updates to management and stakeholders.
- Ensure compliance with legal, regulatory, and contractual cybersecurity requirements, including NCA standards and regulations.
- Lead or assist in incident response activities to minimize the impact of cybersecurity breaches.
- Support the organization's efforts in conducting vulnerability assessments and penetration testing.
- Provide guidance and training to employees on cybersecurity risks and best practices.
- Maintain up-to-date knowledge of emerging threats, vulnerabilities, and industry trends.
Experience and Qualifications:
- At least two years of experience in the field of cybersecurity.
- Previous experience, completed courses, and certificates in cybersecurity.
- Certifications such as CRISC, ISO 27001 LI/LA, 27005, 31000 are preferred.
- Strong analytical and problem-solving skills with a detail-oriented mindset.
- Excellent communication and interpersonal skills to interact with technical and non-technical stakeholders.
- Ability to work independently and manage multiple priorities in a fast-paced environment.
- Proficient in using risk assessment & GRC tools and technologies.
- Strong understanding of cybersecurity principles, including threat modeling, risk assessment methodologies, and incident response.
- High level of integrity and ethical conduct in handling sensitive information.
- Passion for staying updated on the latest cybersecurity trends and technologies.