Our client is seeking an experienced Cyber Risk Lead to take ownership of their company's cyber risk management framework.
This role is pivotal in ensuring the business maintains a proactive approach to managing cyber risks, aligning with our risk tolerance, and safeguarding against emerging threats.
The successful candidate will be responsible for maintaining the risk register, onboarding and assessing third-party suppliers, and leading the overall strategy around risk tolerance.
With a solid background in cyber security and ideally some exposure to Operational Technology (OT), you will ensure that risks are identified, quantified, and effectively managed across all business areas. You will be required to work from our Cardiff office one day per week, with the flexibility to work remotely for the rest of the time.
Key Responsibilities:
- Manage the Cyber Risk Register: Ensure the ongoing management, review, and updating of the risk register to reflect the current risk posture of the organization. This includes identifying, evaluating, and mitigating cyber risks.
- Risk Tolerance Strategy: Define, implement, and regularly review the company’s cyber risk tolerance levels, ensuring alignment with business objectives and industry standards.
- Third-Party Risk Management: Lead the onboarding and assessment of third-party suppliers to ensure they meet the company's security requirements. This includes conducting risk assessments, reviewing contractual agreements, and ensuring third-party compliance with regulatory requirements.
- Risk Mitigation: Work closely with internal teams to implement appropriate risk mitigation strategies, ensuring both IT and OT environments are covered.
- Collaborative Leadership: Liaise with senior stakeholders, including the CISO and legal, compliance, and procurement teams, to drive risk-related discussions and ensure cross-departmental alignment.
- Incident Response and Reporting: Collaborate with the security operations team to ensure proper risk-handling procedures are followed in case of incidents and provide comprehensive risk reporting to senior management.
- Policy and Framework Development: Develop and enhance cybersecurity risk management policies and frameworks that align with industry best practices, including NIST, ISO 27001, and other relevant standards.
Essential Skills and Experience:
- Proven experience in cybersecurity risk management, with a strong technical understanding of cyber risk.
- Experience with managing risk registers and establishing risk tolerance levels.
- Solid experience in third-party risk management and supplier onboarding processes.
- A strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001).
- Knowledge and experience in conducting cyber risk assessments and implementing effective mitigation strategies.
- Ability to work with cross-functional teams and influence decision-making at senior levels.
- Experience working in an OT (Operational Technology) environment is highly desirable.
Desirable Skills:
- Experience with OT-specific cybersecurity risks.
- Knowledge of cloud security and associated risk models.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
- Relevant certifications such as CISSP, CRISC, CISM, or similar are highly desirable.
Location Requirements:
- Must be able to travel to the Cardiff office one day per week. The remainder of the week can be worked remotely.