Cyber Risk Analyst
Risk Management division forms part of our second line (of defense) and its mission is to support in achieving its goals and delivering its strategy through providing robust, independent oversight of risk-taking activities across the Group.
The Cyber Risk Analyst supports the Risk Management division by identifying, assessing, and monitoring cyber risks across the organization. This role is responsible for ensuring that cybersecurity policies, procedures, and controls are effectively implemented and maintained, in line with internal standards and regulatory requirements. This role would include active support in risk oversight for security-related areas such as access management, network/application/platform security, etc.
Key Responsibilities
* Evaluate, test, and recommend cybersecurity policies, procedures, and systems (hardware, firmware, software);
* Review and challenge cybersecurity architecture, designs, plans, controls, and standards to ensure alignment with security objectives;
* Identify cyber risks and exposures, investigate causes of security incidents, and propose procedures to prevent recurrence;
* Participate in the investigation cybersecurity incidents, and recommend enhancements to improve security posture;
* Develop and apply techniques for conducting cybersecurity risk assessments and compliance audits;
* Support the evaluation and testing of systems for potential cybersecurity impacts;
* Provide guidance and direction within IT and to business users regarding cybersecurity and protection of information assets;
* Maintain up-to-date knowledge of relevant cybersecurity standards, frameworks, and regulatory requirements.
Required Qualifications
* Master's degree in computer science, Information Technology, Cybersecurity, or a related field (or equivalent experience);
* At least 5+ years of experience in cybersecurity, information security, or a similar area.
* Familiarity with cybersecurity standards (e.g., ISO 27001, NIST CSF, COBIT).
* Analytical and problem-solving skills.
* Good written and verbal communication skills in English.
* Professional certifications (e.g., CompTIA Security+, SSCP, or equivalent) are a plus.
Soft Skills
* Attention to detail and a methodical approach to problem-solving;
* Ability to work collaboratively within a team and communicate effectively with both technical and non-technical stakeholders;
* Eagerness to learn and develop new skills in cybersecurity and risk management;
* Ability to manage time and priorities effectively, especially when handling multiple tasks or deadlines.