Cyber Risk Manager, Attack Surface Management/Reduction is required for this financial institution based in Buckinghamshire.
You will be experienced in cyber risk management and the threats/vulnerabilities in today's infrastructure world. This role is focused on Cyber Risk Management, specifically Attack Surface Management/Reduction - more than just Vulnerability Management.
You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security threats and incidents.
Salary: £80,000 - £96,000 + Excellent Financial Benefits + Bonus
Working Arrangement: Hybrid working. Buckinghamshire based, 3 days a week in the office, 2 days remote.
You will possess a sufficient technical background, including an understanding of the Vulnerability Assessment/Management arena, and now want to focus more widely on Attack Surface Management/Reduction.
This role requires solid communication skills, as you will be liaising at all levels, including with the CISO.
Your Responsibilities:
1. Manage deliverables closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development, and business/3rd party engagement.
2. Deliver solutions to reduce the attack surface of UK assets from analysis of cyber metrics.
3. Report detailed findings, exploitation procedures, and mitigation techniques, effectively communicating with stakeholders.
4. Ensure continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation.
5. Analyze cyber metrics to identify, prioritize, and remediate root causes to reduce the attack surface.
Your Qualifications:
1. Experience in Cyber Risks and Vulnerabilities, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly.
2. Understanding of vulnerability analysis in the context of common infrastructure models (on-prem, infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS).
3. Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices.
4. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices.
5. Project management (technical) experience preferably within cyber security.
#J-18808-Ljbffr