Cybersecurity Governance and Risk Officer H/F

Governance and Compliance:

• Ensure alignment with applicable legal, regulatory, and industry standards.
• Develop, enforce, and periodically update security policies, standards, and procedures to ensure ongoing compliance.
• Monitor and assess organizational adherence to security guidelines.

Risk Management:

• Contribute to identifying and evaluating risks across the organization.
• Conduct risk assessments, identify potential vulnerabilities, and collaborate on risk mitigation strategies.
• Continuously monitor risk exposure and track the effectiveness of mitigation actions.

Awareness and Training:

• Design and execute security awareness initiatives, including phishing simulations, to evaluate employee understanding of security protocols.
• Tailor security awareness campaigns to specific roles and departments within the organization.
• Collaborate with HR to manage the security aspects of the employee lifecycle, including background checks, transfers, disciplinary actions, and terminations.

Information Asset Management:

• Maintain and manage inventories of critical information assets, assessing their risks and the security controls in place.
• Own and oversee the cybersecurity control catalog, ensuring applicable controls are consistently enforced.

Security Auditing:

• Lead internal security audits and manage responses to external audit requests.
• Conduct audits of third-party vendors, ensuring compliance with security standards and maintaining an up-to-date inventory of approved suppliers and tools.

Qualifications:

• 5+ years of professional experience in cybersecurity, specializing in auditing, governance, and risk management.
• In-depth knowledge of industry regulations and standards.
• Familiarity with modern security frameworks and incident response methodologies.
• Relevant certifications such as CRISC, CISA are preferred.
• Experience with security control frameworks (e.g., CIS Controls, NIST SP 800-53) and cybersecurity frameworks (e.g., NIST CSF, ISO27001).

Additional Information:

• Highly responsive, proactive, and energetic.
• Strong analytical, problem-solving, and decision-making abilities.
• Able to work independently and collaborate effectively in a team environment.
• Demonstrates high ethical standards and integrity.
• Skilled at prioritizing tasks and managing time effectively to meet critical deadlines.
• Excellent attention to detail and sound judgment.
• Strong communication and interpersonal skills, with a user-centric approach.
• Willingness to work beyond regular business hours when necessary.