Introduction & Summary
We seeking a
lead or Principal Business Information Security Specialist with a minimum of 8-10 years of experience. This role is essential to lead and execute the security risk management process across designated business domains, ensuring alignment with corporate standards and supporting the organization's Information Security Management System (ISMS).
Main Responsibilities
Key duties include:
- Identify and document security risk scenarios.
- Evaluate asset criticality for confidentiality, integrity, and availability.
- Assess vulnerabilities and threats using corporate risk catalogues.
- Analyze business impacts (financial, regulatory, reputational, operational).
- Determine inherent, residual, and target risk levels.
- Select risk response options (accept, avoid, mitigate, transfer).
- Maintain and update the Unit Security Risk Register and Risk Heatmap.
- Provide quarterly risk maps and updates to stakeholders.
- Communicate risk posture to internal/external stakeholders.
- Ensure full documentation of risk management activities.
Key Requirements
The ideal candidate should possess:
- Proven experience in cybersecurity risk management or information security.
- Hands-on experience with Archer GRC platform (mandatory).
- Strong knowledge of risk assessment methodologies and threat modelling.
- Familiarity with ISO/IEC 27005, ISO 31000, and ISO 27001.
- Ability to analyze technical vulnerabilities and business impacts.
- Excellent documentation and communication skills.
- Experience with risk registers and heatmaps.
- Knowledge of security capabilities (SDL, Cloud Security, IAM, Threat & Vulnerability Management).
Nice to Have
Preferred certifications include:
- CISSP
- CISM
- CRISC
- CGEIT
- ISO 27001 Lead Implementer/Auditor (or equivalent)
