IT Risk Manager

Key Responsibilities:

Risk Management

• Conduct comprehensive IT risk assessments and develop risk mitigation strategies.
• Identify and evaluate emerging security threats and vulnerabilities, providing recommendations for remediation.
• Collaborate with various departments to assess and manage IT risks across the organization.

Security Operations

• Monitor and respond to security incidents promptly with the assistance of our MSSP.
• Oversee the implementation and maintenance of security technologies, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Ensure compliance with security policies, standards, and regulations, including those mandated by the relevant financial regulators.

Policy Development and Compliance

• Develop, implement, and maintain IT security policies, procedures, and standards.
• Conduct regular security audits and assessments to ensure compliance with internal and external requirements.
• Provide guidance on regulatory requirements related to IT security (e.g., GDPR, PDPA).

Incident Response

• Lead incident response efforts, including investigation, containment, and remediation of security incidents.
• Coordinate with internal and external stakeholders to ensure timely resolution of security incidents.
• Develop and maintain incident response plans and playbooks.
• Ensure robust cybersecurity measures for the organization’s adopted cloud technologies.
• Develop and implement security controls and best practices for cloud environments.
• Conduct regular assessments and audits of cloud security posture.
• Promote security awareness across the organization through training and communication initiatives.
• Stay current with industry trends and best practices in IT security and risk management.

Cloud Security

• Ensure robust cybersecurity measures for the organization’s adopted cloud technologies.
• Develop and implement security controls and best practices for cloud environments.
• Conduct regular assessments and audits of cloud security posture.

Awareness and Training

• Promote security awareness across the organization through training and communication initiatives.
• Stay current with industry trends and best practices in IT security and risk management.

Required Skills:

• Bachelor’s degree in Computer Science, Information Technology, or a related field. A master’s degree is a plus.
• 5+ years of experience in IT security and risk management.
• Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS).
• Experience with security technologies such as SIEM, IDS/IPS, firewalls, and endpoint protection.
• Proven ability to manage and respond to security incidents.
• Excellent communication and interpersonal skills, with the ability to work collaboratively with cross-functional teams.
• Good understanding of cybersecurity for cloud technology.

Nice-to-Haves

• Experience working with MSSP vendors.
• Relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
• Familiarity with cloud security and risk management (e.g., AWS, Azure, Google Cloud).
• Strong analytical and problem-solving skills.
• Familiarity with regulatory guidelines.