Risk Manager - Cybersecurity
Job no: 492880
Work type: Full time
Categories: Risk Advisory Services
- Provide client management with guidance on IT security risk management, particularly on application, database, operating system and network infrastructure security. Help identify improvement opportunities for clients and write/QA reports for clients with recommendations for identified findings.
- Perform technology risk assessments, manage technical security related reviews, assess the effectiveness of processes/controls and risks related to third party organisations.
- Manage completion of each assignment, being accountable for high-quality standards, delivery within budget and on or before deadlines, while managing the progress of other assignments.
- Manage the engagement, the mentoring and coaching of the team, and IT internal audit methodology compliance.
- Work closely with other Risk Advisory team members in delivery of reviews.
- Assist partners/principals in business development activities, including identification of opportunities.
- Relevant tertiary degree and/or qualification is essential.
- Relevant professional certification/qualification is essential, e.g., Certified Information Systems Security Professional® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®); Certified in Risk and Information Systems Control® (CRISC®); etc.
Demonstrated Experience & Attributes
- Minimum 5-9 years’ experience in IT technical delivery, IT audit, internal controls or risk management.
- Experience performing and managing security risk assessments, testing or auditing of cybersecurity or information security standards or governance frameworks (e.g. one or more of COBIT, NIST Cyber Security Framework, ACSC Top 35 and Essential Eight, PCI DSS, CIS Critical Security Controls Top 20, PSPF, Australian Government Information Security Manual, VPDSS, ISO/IEC 27001, Cloud Security Alliance Guidance, Australian Privacy Principles, GDPR).
- Experience overseeing engagements where teams are completing vulnerability assessments and penetration tests, able to translate technical findings and articulate recommendations for non-technical client staff.
- Knowledge of IT processes, project management, applications, databases, operating systems and network infrastructure to apply better practice guidance and identify opportunities for improvement.
- Outstanding interpersonal and communications skills, able to communicate effectively in verbal and written format with technical and non-technical audiences.
- Experience managing a client portfolio, able to provide first class service in response to client demands.
- Strong attention to detail and prioritising skills, able to produce high quality work autonomously and as part of a team.
Advertised: AUS Eastern Standard Time