Cybersecurity Risk Manager (Warsaw, onsite) – EU Public Agencies

About The Position

Requirements

• Minimum level of education: Level 7.
• Minimum English language skills (CEFR): C1.
• Minimum IT relevant professional experience (years): 9.
• Minimum experience at similar position (years): 6.
• At least 4 certifications among the list below: (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), GSNA (GIAC Certified Systems and Network Auditor), GCCC (GIAC Certified Critical Controls), ISO 27001 Lead implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP ((ISC)2 Certified Authorization Professional), CRISC (ISACA Certified in Risk and Information Systems Control), CISSP-ISSMP ((ISC)2 Certified Information Systems Security Management Professional), GIAC Certified ISO-27000 Specialist, Or an equivalent certification recognised internationally (subject to acceptance as a valid credential by the Contracting EU-I).
• Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices.
• Knowledge of cyber threats, threats taxonomies and vulnerabilities repositories.
• Knowledge of risk sharing options and best practices.
• Knowledge of state of the art technical and organisational controls that appropriately mitigate cybersecurity risks.
• Knowledge of monitoring, implementing and testing the effectiveness of the controls.
• Experience in making Business Impact Assessments.
• Knowledge on risk assessment implementation in GRC Service Now.
• Experience in preparing personal data protection documentation.
• Experience in tools for graphical and programmatic threat modelling.
• Experience in threat modelling for DevOps.
• Experience in designing Zero Trust Architecture.
• Expirience in Securing Software Development Lifecycle.
• Experience in designing controls for defending Directory Services.

Responsibilities

• Develop an organisation’s cybersecurity risk management strategy.
• Manage an inventory of organisation’s assets.
• Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems.
• Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential.
• Assess cybersecurity risks, and propose most appropriate risk treatment options, including security controls, and risk mitigation and avoidance that best address organisation’s strategy.
• Monitor effectiveness of cybersecurity controls and risk levels.
• Ensure that all cybersecurity risks remain at an acceptable level for the organisation’s assets.
• Develop, maintain, report and communicate complete risk management cycle.
• Perform risks assessments and analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls.
• Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards.
• Enable business assets owners, executives, and other stakeholders to make risk informed decisions to manage and mitigate risks.
• Enable employees to understand, embrace and follow the controls.
• Build a cybersecurity risk-aware environment.