Manager, Cybersecurity Risk
Listed on 2025-12-01
IT/Tech
Cybersecurity, Information Security, IT Consultant, IT Project Manager
Job Summary
The Cybersecurity Risk Manager reports to the Business Information Security Officer (BISO) and collaborates with business and IT colleagues to deliver critical capabilities in support of strategic information security goals. This includes operational management of third-party and IT system cybersecurity assurance processes that assess against company standard information security controls. This role will also coordinate the execution of periodic penetration tests and other required cybersecurity assessments, including the end-to-end management of identified issues.
The role will interface with stakeholders in privacy, legal, quality, and other compliance functions and requires excellent communication skills and the ability to support multiple efforts across information security disciplines.
As a member of the Information Security team and under the supervision of the BISO, the Cybersecurity Risk Manager is responsible for cybersecurity assessment processes in alignment with the IS strategy and roadmap. Responsibilities include working with the business and IT to ensure that they assess third parties and IT systems against information security controls. The Cybersecurity Risk Manager also leads the coordination and execution of penetration tests and other cybersecurity assessments, ensuring the assignment of identified issues to owners and tracking through completion.
In addition, this role supports the BISO in the management of a cybersecurity risk management platform. The expectation is that the individual successfully coordinates multiple tasks and priorities continuously with limited supervision.
- Support the business and IT on initial assessment of third parties against industry standard information security controls using the company standard third party risk management solution.
- Manage identified issues through cybersecurity risk management processes, including risk analysis and recommendations for remediation or mitigation, in partnership with colleagues from privacy, legal, quality, and other compliance functions as required.
- Establish and manage a complete inventory of business and IT applications and third parties to ensure a defined level of inherent and residual risk.
- Oversee and support the execution of ongoing governance for inherently high-risk third parties, ensuring the periodic evaluation of changes to their security posture.
- Provide periodic status reporting to the BISO and CISO.
- Support the business and IT on the execution of information security assessments against industry standard information security controls as part of the systems development life cycle.
- Manage identified issues through cybersecurity risk management processes, including risk analysis and recommendations for remediation or mitigation, in partnership with stakeholders from privacy, legal, quality, and other compliance functions as required.
- Manage the process to ensure that the inherent and residual risk levels for business and IT applications are documented, in coordination with information security colleagues, with a focus on applications that collect, process, or store vital information ("crown jewels").
- Oversee the execution of ongoing assessments for inherently high-risk IT systems, including a periodic evaluation of changes to the security posture.
- Provide periodic status reporting to the BISO and CISO, including the identification of systemic risk issues.
- Support the planning, scoping and coordination of annual independent penetration tests conducted by external partners.
- Analyze findings from the penetration tests and ensure the assignment of appropriate remediation or mitigation actions in collaboration with IT and information security colleagues.
- Track all issues to completion through the cybersecurity risk management process.
- Provide periodic status reporting to key stakeholders.
- 5+ years of experience in information security, including roles in information security assurance or…