Hybrid remote - 2 days a week onsite. The Risk Officer role deals with trying to predict and manage Cybersecurity risk within the organization. The role is demanding and involves assessing the threats posed to the company from various sources and translating that into a model that can be used to efficiently direct resources and expenditures for maximum return. Requirements: 7 years of Cybersecurity experience with a demonstrable focus on Risk assessment/Risk management Cyber Security Risk management by engaging with stakeholders through whichever medium is most appropriate Design and management of a working vulnerability management process that improves communication of risks and makes identification of actions easier Delivery of penetration testing on internal systems and applications as required. All tests must include a findings report and a follow-up with stakeholders to agree on actions required for mitigation Periodic reporting on Cyber Security Posture within the Revenue Develop and maintain a cybersecurity risk model representing systems, services, and data. The Responsibilities of the Role and the activities that will be required are: Generate and maintain a threat actor assessment model Identify Threat Actors and motivations to use as a template for risk profile assessment. Apply these profiles to the risk model to provide a more complete risk assessment of identified threats. Key Experience: Demonstrable experience leading or contributing significantly to a vulnerability management process in a Public Sector, FinTech or Public Services organization Experience in penetration testing involving any or all of : a. Web application (Java, PHP, Angular) b. Infrastructure (network, windows, Linux, database) c. API / Cloud (AWS, GCP, Azure) Experience with the application of the MITRE Att&ck framework Attack simulation and risk modeling Report writing and delivery of results Working as part of a team to deliver cross-discipline projects Experience of team leadership in a security environment Others: Generate, Maintain and assess Cybersecurity Incident Response plans based on threat scenarios Preparing Incident documentation and procedures in anticipation of an incident. Baseline scenario generation and assessment against the existing incident preparation material. Adding new scenarios and adapting as our status changes Detect, Assess, and verify vulnerabilities in Company systems Using penetration testing techniques to analyze company web applications and internal systems Reporting on findings and offering researched solution advice Build and maintain a risk profile of Company systems to enable accurate risk assessment The Risk Officer will lead a project to pull together information from relevant sources with the aim of building an accurate risk profile of Company systems and services. This risk profile will then be used to generate modified risk scores for CVEs as well as generate impact assessments. The Risk Officer must build an in-depth knowledge of Company systems and technologies in order to correctly model the environment. A strong technical understanding and applicable hands-on experience would be seen as an advantage. SIEM management and orchestration including use case generation and vendor collaboration Meet with SIEM vendor or vendors and service providers to ensure that use cases match our risk profile and to identify the optimum information resources for SIEM ingestion. Company Risk Posture management (Risk and Vulnerability management) Ownership and management of the Cybersecurity Risk and Vulnerability management process through its lifecycle. Lead security resources in developing processes, administration of the RVM, reporting and co-ordination of risks to relevant stakeholders. Project input Provide insight, co-ordination and input into projects at project initiation/HLD stage. This will require an ability to read and review project plans and provide feedback or ask for clarifications. Participate in projects that require security input and activities and provide support for other teams to ensure security by design principles are adhered to Skills: cybersecurity security ICT