Are you passionate about offensive security, do you enjoy breaking down walls with an array of tools and techniques, and are you continuously learning about the offensive security world? We are seeking a dynamic Cyber & Offensive Security Risk Lead to join our Data, Technology & Cyber Risk function.
Job Description
The Cyber & Offensive Security Risk Lead will assist the Chief Information Security Officer to establish and maintain robust governance and oversight over the effectiveness of cyber risk management to ensure that the Bank's technology and information assets are adequately protected.
Primary Responsibilities
- Assist with the development, review, update and/or roll-out of cyber risk-related frameworks, policies and initiatives to facilitate effective risk management and governance over cyber risk management.
- Review and assess the extent of compliance with internal policies, procedures, standards and regulatory requirements.
- Provide advisory, guidance and challenge to Business Units and Functional Units in their management of cyber risks, so that they achieve their business objectives within the Bank's risk appetite.
- Conduct independent assessments on the adequacy and effectiveness of control measures implemented by the 1st Line of Defense (FLOD), and recommend mitigation actions to address vulnerabilities, if any.
- Lead Red Team (offensive cyber) activities to proactively simulate real-world cyber-attacks on the Bank's security controls to identify and exploit security weaknesses and vulnerabilities.
- Provide recommendations and remediation strategies to address security vulnerabilities identified during offensive cyber activities.
- Establish relevant Key Risk Indicators (KRIs) and metrics to monitor and measure cyber risk exposures.
- Prepare and present cyber risk reports to Senior Management and relevant committees, highlighting key findings, trends and/or recommendations.
- Respond to enquiries and audits (i.e. internal, external and regulatory) pertaining to cyber risks.
- Where required, collaborate with the Bank's cyber incident response team to provide advice and/or support during security incidents and cyber-attacks.
- Conduct cyber risk awareness training across the Bank, fostering cyber risk awareness and a security-conscious culture.
- Stay abreast of emerging cyber threats, vulnerabilities, attack techniques and regulatory developments to proactively address potential cyber risks, and assist Management (and/or the Board) to understand potential concerns or risks that might impact the Bank.
Qualifications
- Bachelor's degree in Computer Science, Information Security or a related field.
- Minimum of 15 years' experience in any of these disciplines: offensive security, information security, risk management or compliance in related areas.
- Professional certification such as CISSP, CCSP, CGRC, CISM, CISA, CRISC, CompTIA PenTest+, Offensive Security (e.g. OSCP, OSCE, OSWE & OSWP), SANS (e.g. GXPN, GWAPT, GPEN & GMOB), Zero-Point Security and/or CREST would be advantageous.
- Sound knowledge in regulatory requirements around technology risk and cyber resilience.
- Knowledge of network protocols, operating systems, application security and cloud security.
- Strong verbal and written communication skills, and the ability to engage senior stakeholders.
- Clear analytical thought process and good understanding of emerging technological developments and risk management frameworks.
Interested candidates, please submit your application through Jobstore.