The Regional Information Security Risk Manager will develop strategic objectives based on Enterprise Cyber Security direction and is responsible for information security control, cyber awareness alignment across regional lines of business.
This role is the key point of contact for all Cybersecurity related matters, ensuring delivery and support of all Enterprise Cyber Security programs and solutions. You will understand the business, the regional cyber laws, the regional risks and align the three.
- Align the regional business leadership’s direction with Enterprise Cyber Security strategy.
- Act as Enterprise Cyber Security liaison in the region and the main cyber contact for the region.
- Facilitate and bring security oversight to integration of acquisitions.
- Governance & Policy – be the subject matter expert on Regional cyber laws, requirements as well as global cyber policies. Identify gaps and propose changes or edits to local or global policies. Facilitate the implementation of cyber requirements needed to be met within the region. Be the subject matter expert on local cyber laws and compliances.
- Risk Management – Assess the cyber risk within the region. Maintain visibility and awareness to cyber risks. Keep Enterprise Cyber Security as well as in country / region teams (IT, affiliate, business) informed of the current risk posture and recommended controls to alleviate the risk.
- Incident Response (IR) – help in region / country connect with the Cyber Incident Response team when a Cyber incident is identified. Be the in country / region IR liaison during a cyber incident.
- Education & Awareness – work on cyber training and awareness programs that are focused on the region and country. Work with the Education & Awareness team to create content and training.
- Architecture – Inform Enterprise Architecture teams of regional projects as well as changes to existing IT architecture. Assess IT projects for cyber risk and propose design and/or controls when needed.
- Operations – Assist Operations with technical issues pertaining to cyber tools and technology
- Bachelor's degree in Information Security, Computer Science, or related field; or equivalent experience
- 5+ years of hands-on experience directly related to the area of threat and vulnerability management, web application security, penetration testing or cyber threat intelligence
- Experience working in large scale environments
- 3+ years with vulnerability scanners like Rapid 7, InsightVM, Qualys, OpenVAS
- 3+ years with DAST / web application security scanners like Acunetix, Burp Suite, ZAP
- 3+ years with tools like Nmap, Recon-ng, and WMI to identify network nodes, services, configurations, and vulnerabilities that an attacker could use as an opportunity for exploitation.
Please apply now or contact firstname.lastname@example.org to arrange a confidential chat.