Risk Consultant

Currently, we are looking for a Risk Consultant. You will be responsible for periodic reviews and updates of global Cybersecurity baseline requirements and control-level standards.

One of your main activities will be processing or platform assessments of compliance against the IT baseline and standards, identifying non-compliance risks, weaknesses in controls, and opportunities to enhance operational efficiencies, including automation.

As a result of your reporting periodically trends and priorities related to cyber compliance, you will contribute to the mitigation of cyber threats.

• Maintaining IT security Control Framework and advising control owners on the implementation of IDT security control requirements
• Conducting tests/verifications and security posture maturity assessments including cloud (mainly Azure and AWS) and SAAS solutions
• Evaluating impact and risk based on the results of assessments and requests 
• Determining remediation approaches with asset owners
• Providing ongoing support when needed by supplying clarification on cyber requirements
• Monitoring the progress of the remediation step
• Identifying data sources for use in cyber risk reporting and posture, aggregating data, and defining KRIs or reports for submission to ServiceNow IRM
• Conducting third-party Cyber Risk Assessments (IT and non-IT vendors), a review of SOC2 or PCI-DSS reports, performing own assessments
• Designing third-party risk coverage options through technical and automated solutions, e.g. for VDI, and SAAS

• Proficiency in conducting risk assessments
• Practical experience in the cloud (AWS, Azure) and SAAS
• Excellent written and communication skills, including experience with a non-technical audience in English
• Previous work in an international environment
• Experience in assessing and managing third-party cybersecurity risks
• Practical experience in designing and implementing IT and privacy controls (outside the scope of a financial/SOX audit)
• Understanding of industry methodologies and standards for security, risk management, and assessment and their application in the context of a large enterprise environment (ISO 27000 series, NIST, CIS Top 20, OWASP, PCI DSS, Trust Service Criteria)
• Experience in the area of consulting, internal control or internal audit
• Independence in carrying out assigned tasks, while being able to work in a team, self-reliance, creativity, and problem-solving skills
• Experience in working as an expert with own responsibilities or project team