Cyber Risk Manager - London

bct resourcing
London, Greater London
Job Type: Full-time
Salary: £80,000 per annum

Overview

Senior Cyber Risk Manager
London
£80,000 - £95,000 per annum

As part of our global cyber security programme, you will support the business in continuously challenging and thus strengthening the confidentiality, integrity and availability of its clients' data, our intellectual property, and our IT assets.

As a member of the Cyber Risk Management team, you will be responsible for various cyber risk related activities, including risk assessments and reviews of business and IT processes and solutions, technical security assessments of new applications or technology, due diligence reviews of outsourcing partners, security awareness training, and cyber risk consultancy.

Main tasks/activities:

- Conduct risk assessments of new or materially changed systems and facilitate or conduct associated security penetration testing.
- Act as the technical lead on mobile security risk assessments.
- Conduct risk reviews and spot-checks to ensure ongoing compliance with security regulations.
- Provide training and education for staff on all aspects of Information Security.
- Perform vendor due diligence and risk assessments to gain assurance of their Information Security practice, including ongoing reviews.
- Respond to Information and Cyber Security questionnaires and audits by clients and regulators in close collaboration with the business functions, IT, and Legal.
- Assist with the development and maintenance of Global InfoSec policies and standards in line with changing business and regulatory requirements as well as changing industry good practice.
- Contribute to the ongoing development of the Information Security function, its processes, and tools.

Position Requirements:

- A graduate or master's degree in Computer Science, IT or related fields, ideally with an IT security focus, or an equivalent background.
- At least 5 years' experience in a related role, preferably in a similar position at a financial, insurance, or healthcare institution with a global footprint.
- Experience in performing application and infrastructure penetration tests and using associated frameworks and tools (OWASP, Nessus, etc.).
- Understanding of protocols and application techniques such as HTTP, Kerberos, OAuth, SAML, containerisation technologies, microservice infrastructure, secure APIs, and secure DevOps practices.
- A history as a developer and a good infrastructure engineering and security-related background (optional extra).
- Strong knowledge and practical implementation experience of security frameworks and regulations (ISO27001/2, NIST, HIPAA, OWASP, PCI).
- An in-depth understanding of cyber security threats, attacks and countermeasures.
- Must be able to work independently under limited supervision and to coordinate and prioritize work to meet agreed deadlines.
- Excellent communication, interpersonal, and presentation skills.