ICT Security Risk Officer Senior
Job details
Hybrid remote - 2 days a week onsite.

The Risk Officer role deals with trying to predict and manage Cybersecurity risk within the organization. The role is demanding and involves assessing the threats posed to the company from various sources and translating that into a model that can be used to efficiently direct resources and expenditures for maximum return.

Requirements:
- 7 years of Cybersecurity experience with a demonstrable focus on Risk assessment/Risk management
- Cyber Security Risk management by engaging with stakeholders through whichever medium is most appropriate
- Design and management of a working vulnerability management process that improves communication of risks and makes identification of actions easier
- Delivery of penetration testing on internal systems and applications as required. All tests must include a findings report and a follow-up with stakeholders to agree on actions required for mitigation
- Periodic reporting on Cyber Security Posture within the Revenue
- Develop and maintain a cybersecurity risk model representing systems, services, and data.
- Generate and maintain a threat actor assessment model
- Identify Threat Actors and motivations to use as a template for risk profile assessment.
- Apply these profiles to the risk model to provide a more complete risk assessment of identified threats.
- Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector, FinTech or Public Services organization
- Experience in penetration testing involving any or all of:
- Experience with the application of the MITRE ATT&CK framework
- Attack simulation and risk modeling
- Report writing and delivery of results
- Working as part of a team to deliver cross-discipline projects
- Experience of team leadership in a security environment
- Generate, maintain and assess Cybersecurity Incident Response plans based on threat scenarios
- Preparing Incident documentation and procedures in anticipation of an incident.
- Baseline scenario generation and assessment against the existing incident preparation material.
- Adding new scenarios and adapting as our status changes
- Using penetration testing techniques to analyze company web applications and internal systems
- Reporting on findings and offering researched solution advice
- The Risk Officer will lead a project to pull together information from relevant sources with the aim of building an accurate risk profile of Company systems and services. This risk profile will then be used to generate modified risk scores for CVEs as well as generate impact assessments.
- The Risk Officer must build an in-depth knowledge of Company systems and technologies in order to correctly model the environment. A strong technical understanding and applicable hands-on experience would be seen as an advantage.
- Meet with SIEM vendor or vendors and service providers to ensure that use cases match our risk profile and to identify the optimum information resources for SIEM ingestion.
- Ownership and management of the Cybersecurity Risk and Vulnerability management process through its lifecycle.
- Lead security resources in developing processes, administration of the RVM, reporting and co-ordination of risks to relevant stakeholders.
- Provide insight, co-ordination and input into projects at project initiation/HLD stage. This will require an ability to read and review project plans and provide feedback or ask for clarifications.
- Participate in projects that require security input and activities and provide support for other teams to ensure security by design principles are adhered to.