Qualifications/Experience
- Ten+ years of experience in Cyber Security, IT Risk and technology risk management areas
- Experience leading an effective Cyber Risk Management program and IT Controls Assurance Program
- Experience working with key Operational Risk processes (loss event management, KRI & KPI production, risk reporting, controls assurance, etc.) in a first or second line of defense capacity
- Implementation experience in ISO certifications and SOC attestations
- Knowledge of information security standards, particularly ISO 27001 and attestation reports (e.g. SOC 1/2)
- Knowledge of GRC Platforms, particularly ServiceNow
- Use or knowledge of the ServiceNow Risk Module
- Understanding of basic Cyber Security and IT concepts, such as networks, vulnerabilities, types of cyber-attacks, etc.
- Strong stakeholder management skills with both technical members of staff and senior executives, including stakeholder negotiation and influencing
- Ability to multitask and manage competing priorities
- Excellent time management and organizational skills
- Excellent interpersonal and conflict management skills
- Excellent written and verbal communication skills
Skills/Abilities
Certifications
- CISA/CISM or equivalent
- Certifications in any of the ISO roles
- Other IT Technical Certifications