Required Threat Risk Assessment Specialist
What's it like working as a Threat Risk Assessment Specialist?
As a Threat Risk Assessment Specialist, you will be working in the CISO function and reporting to the Manager, Cybersecurity Risk.
Your primary activity is to perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, qualify and quantify the risk and potential impacts in line with existing methodologies and industry best practices.
You will collaborate with other teams and third parties to identify weaknesses and potential attack vectors. You will document your findings and recommended enhancements or compensating controls that will reduce the residual risk and enable the initiatives to proceed within cyber risk tolerance.
Need more details? Keep reading
In this role, responsibilities include but are not limited to:
Perform cybersecurity threat risk analysis on various technology solutions, configurations, technologies and vendors, in order to assess, qualify and quantify the risk and potential impacts in line with existing methodologies and industry best practices
Review firewall rule change requests to identify potential risks and exposures
Support the cybersecurity threat risk assessment program and assist in the improvement of the underlying processes to support the rapid pace of business and technology changes in support of our Agile methodology
Drive continuous risk reduction by collaborating with internal cybersecurity and IT teams to assess proposed changes against compliance with Information Security Policy and Standards and adherence to best practices
Work with internal subject matter experts to undertake an in-depth analysis of risks and provide risk mitigation guidance
Influence and encourage stakeholders to prioritize and execute risk management initiatives and drive remediation of process and risks
Support the end-to-end operation of the threat risk assessment (TRA) program
Continuously identify TRA process gaps and opportunities for improvement to efficiently yet safely support the rapidly growing organization
Organize, track and retain detailed risk assessment documentation
Participate in team meetings and contribute to technical discussions, track time and activity
Support the Cybersecurity Risk team and wider CISO function on ad-hoc projects.
Requirements:
University/Community College Business Administration, Information Technology or Engineering degree/diploma (or equivalent) or equivalent work experience
Experience with performing Cybersecurity Threat Risk Assessments (TRAs)
An understanding of firewall rules and access control lists (ACLs) and how to assess them from a risk perspective
Knowledge of cybersecurity, networks, operating systems and applications
Knowledge of cybersecurity risk frameworks such as DoD RMF, OCTAVE FORTE, FAIR, NIST 800-30, and NIST 800-39
Knowledge of cybersecurity controls, frameworks and principles such as NIST CSF, CIS CSC, PCI DSS, OWASP, S-SDLC, Agile
Strong understanding of cybersecurity technical controls, broad knowledge of associated risks, attack vectors and mitigation techniques
Ability to qualify and/or quantify cybersecurity risks by applying formalized threat risk assessment methodologies
Excellent English communication skills (written and oral)
Strong analytical and problem-solving skills
Strong self-discipline and self-management skills, able to work effectively on your own and in a team setting
Strong desire to stay current on the security landscape, threat vectors and assessment of new security trends.
This position is open to all candidates.