
Job Description For Cyber Risk & Data Privacy
I) Cyber / IT / Technology / Application / Information Security Risk
• Strategy: Define and implement cybersecurity and information security strategies
aligned with business objectives. Establish frameworks, KRIs, KPIs, and dashboards
for Lines of defence.
• Risk Management: Conduct assessments, identify gaps, score risks, and recommend
mitigations and improvements using industry standards and controls. Evaluate
information security threats and their impact on clients' IT environment.
• Testing & Maturity: Evaluate ISMS controls, test operating effectiveness, and provide
maturity analysis.
• Stakeholder Engagement: Collaborate with executives and IT teams; communicate
complex concepts clearly to non-technical audiences.
• Governance & Compliance: Implement robust GRC structures ensuring adherence to
regulations (GDPR, NIST-CSF, NIST 800-53, ISO 27001, DORA, ISO 42001,
SOX/SOC 2, PCI-DSS).
• Cyber Resilience: Enhance organizational cyber resilience and risk posture
• Risk Quantification: Proficiency in quantitative risk analysis methods (e.g., FAIR)
and CRQ tools.
• Reporting & Metrics: Design reports, dashboards, and risk metrics for management,
LODs
• Innovation: Drive automation and AI adoption in risk management, including GenAI
and agentic AI.
• Tools: Proficiency in cybersecurity and GRC platforms
II) Data Privacy Risk
• Strategy & Compliance: Develop privacy programs, policies, strategies aligned with
regulations (GDPR, CCPA, PDPA, ISO 27701, PIPEDA, Australian Privacy Act)
• Risk Management: Perform audits, DPIAs, and risk assessments; report gaps and
recommend mitigation; evaluate data privacy threats and their impact on clients' IT
environment.
• Communication: Effectively engage technical and non-technical stakeholders.
• Tools: Familiarity with data privacy GRC tools
III) Cloud Risk
• Assessment: Identify and mitigate risks in cloud adoption and operations; assess cloud
security posture and provide solutions for improvement
• Compliance: Ensure adherence to ISO 27017, ISO 27018, CSA CCM.
• Technical Expertise: Strong knowledge of AWS, Azure, GCP, and cloud risk tools
(ServiceNow, OneTrust, BigID, Archer), CSPM tools
• Communication: Deliver clear, actionable insights.
IV) AI Risk
• Compliance & Risk Management: Conduct AI compliance and security audits,
pre-implementation reviews, and privacy assessments (ISO/IEC 42001, NIST AI RMF, EU
AI Act)
• Governance: Develop frameworks, strategy, and governance model for responsible AI
systems.
• Tools: Experience with AI risk management platforms (e.g., ServiceNow,
MetricStream)
Job ID: 149075379