Introduction & Summary:
We are seeking a Lead or Principal Business Information Security Specialist with a minimum of 8-10 years of experience. The ideal candidate will be responsible for spearheading security risk management processes across designated business domains, ensuring compliance with corporate standards such as ISO 27001 and supporting the organization's overall Information Security Management System (ISMS).
Main Responsibilities:
Key responsibilities include leading security risk management initiatives and ensuring alignment with legal compliance and business continuity:
- Identify and document security risk scenarios.
- Evaluate asset criticality for confidentiality, integrity, and availability.
- Assess vulnerabilities and threats using corporate risk catalogues.
- Analyse business impacts (financial, regulatory, reputational, operational).
- Select risk response options (accept, avoid, mitigate, transfer).
- Maintain and update the Unit Security Risk Register and Risk Heatmap.
Key Requirements:
- Proven experience in cybersecurity risk management or information security.
- Hands-on experience with Archer GRC platform (mandatory).
- Strong knowledge of risk assessment methodologies and threat modelling.
- Familiarity with ISO/IEC 27005, ISO 31000, and ISO 27001.
- Ability to analyse technical vulnerabilities and business impacts.
- Excellent documentation and communication skills.
- Experience with risk registers and heatmaps.
- Knowledge of security capabilities (SDL, Cloud Security, IAM, Threat & Vulnerability Management).
Nice to Have:
- Preferred Certifications: CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor (or equivalent).