GRC, Technological and Cyber Risk Expert

Responsibilities:

• Updating, maintaining, and challenging the Cyber Risk Assessment Methodology.
• Providing support and assistance in implementing the IT and Cyber Risk Assessment Methodology across the supply chain.
• Planning, executing, and validating operational risk assessments across all technological processes, according to a multi-year plan, within a dedicated system, and formulating risk mitigation plans.
• Challenging and guiding managers in the Technology Division regarding reporting and investigating failure events within the division and investigating failure incidents as needed.
• Conducting IT risk assessments on all organizational systems, aiming to prioritize and build a multi-year information security audit plan for production systems.
• Annual updates of policy and procedure documents in the fields of Information Technology and Information Security.
• Completing questionnaires and formulating responses to requirements from customers and/or business partners submitting information security questionnaires.

Requirements:

• Familiarity with risk management frameworks such as NIST, COBIT, ISO – mandatory.
• 5 years of experience working with methodologies in the field of technological risk management, risk assessment, and effectiveness evaluation of controls – mandatory.
• Experience in managing technological risks in cloud environments – advantage.
• Full proficiency in English, including professional terminology – mandatory.