Job Description
A Cyber Risk Manager, Attack Surface Management / Reduction, is required for this financial institution based in Buckinghamshire.
You will be experienced in cyber risk management and in the threats and vulnerabilities facing today's infrastructure. This is a Cyber Risk Management focused role, emphasizing Attack Surface Management / Reduction, more than just Vulnerability Management.
You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security threats and incidents.
Salary: £80 – 96,000 + Excellent Financial Benefits + Bonus
Working Arrangement: Hybrid working. Buckinghamshire based, 3 days a week in-office, 2 days remote.
You will have sufficient technical background and capabilities, including an understanding of the Vulnerability Assessment/Management arena, and will want to focus more widely, specifically on Attack Surface Management / Reduction.
This role requires solid communication skills, where you will liaise at all levels, including the CISO.
Your Responsibilities:
1. Manage deliverables closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development, and business/3rd party engagement.
2. Deliver solutions to reduce the attack surface of UK assets from analysis of cyber metrics.
3. Report detailed findings, exploitation procedures, and mitigation techniques, effectively communicating with stakeholders.
4. Ensure continuous operations for core capabilities: threat identification and monitoring, vulnerability life-cycle, critical vulnerability triage, risk reporting, and consultation on mitigation.
5. Analyze cyber metrics to identify, prioritize, and remediate root causes to reduce the attack surface.
Your Qualifications:
1. Experience in Cyber Risk and Vulnerabilities, able to accurately assess the potential impacts of security flaws and engage technical teams accordingly.
2. Understanding of vulnerability analysis in the context of common infrastructure models (on-prem, infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS).
3. Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices.
4. Ability to design and execute scenario-based tests tailored to the firm’s infrastructure and practices.
5. Project management (technical) experience, preferably within cyber security.