JOB PURPOSE

Carry our cyber risk dialogues with senior IT team members, CISOs of clients and various other external stakeholders in order to assess, provide feedback on & generate reports on the cyber security maturity. Also review the IT Security Policy, Business Continuity Plan & incident response readiness and share IT Security improvement insights and market benchmarking against peers.

PRINCIPAL ACCOUNTABILITIES

1. Risk Dialogue for Cyber Security Maturity Assessment -

The primary responsibility of this individual will be to conduct risk dialogues with our existing and prospective clients. The dialogue is required to include aspects of business exposure assessment to understand the business models/structure, revenue streams, cost, resilience, data processing, etc. as well as a security technical assessment to understand the overall IT and OT security setup including people, process and technology side. The stake holders from the client side normally include the CISO, Risk manager, IT and OT representative and other relevant participants to support the agenda therefore the dialogue must be structure, clear and well managed.

2. Underwriting Insights and Risk Report Creation -

The most critical outcome of the risk dialogue is the creation of a detailed risk report including clearly understandable and quantifiable inputs on the quality of the risk and threat areas. The report should include a clear and justifiable risk score than can be used to benchmark the client against their peers. This will form the primary basis of underwriting the risk.

3. IT Security Improvement Insights and Market Benchmarking -

Should be able to offer insights on improvements and carry out market benchmarking of the client's risk posture post the risk dialogue in the form of a report to allow clear and simple understanding of the client's risk profile. This may be for internal consumption or for consumption by the client.

4. Incident Response Readiness Assessment -

The cyber expert should be able to analyze and rate the client's preparation and preparedness to effectively respond to an incident including their ability to detect, report and successfully contain and neutralize the threat. The client's ability to manage post loss activities including tie ups with IT, crisis, PR consultants to also be evaluated.

5. Developing Cyber Risk Review Infrastructure and Capability within BAGIC -

The cyber expert should be able to setup a robust and scalable internal process aimed at expanding in house capability to carry out cyber risk reviews in a swift and thorough manner.

6. Other Skills

- Should be well connected with special interest groups and be informed and updated with all latest happenings on Cyber Security space

- Should be able to create case studies of the security incidents and breaches in relevance to the proposed client meetings

- Should be able to relate the case studies with the client pre / post the gap assessments on the applicability

- Should be able to visualize the current state to the desired state on cyber security posture relevant to the business, technology, and threat landscape

- Should be able to recommend the solutions to the client from both technology and process control

- Continuous learning and development to keep up with changing technologies and threats

7. IT Security Policy & Business Continuity Plan Advisory-

A lot of our clients are start-ups or SME/MSME companies that may be in the initial stages of their IT security journeys and therefore may have basic or primitive IT security policies and business continuity plans. The cyber risk expert should be capable to advise and assist the client by carry out reviews/audits of their existing policies and suggest improvements and also check for the client / prospective clients practice and readiness on BIA, BCMS and regular risk assessment practice and provide feedback.

Educational Qualifications

a) Graduation and post-graduation in IT/CS

b) Specializations and certifications in IT security, Network management etc.

c) Experience managing cyber security for organizations

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.