We are seeking an experienced Cybersecurity Risk & QA Manager to ensure comprehensive cybersecurity risk management and quality assurance processes. The consultant will oversee and maintain the Bank’s security control framework, manage quality assurance practices, and continuously improve cybersecurity controls to address evolving threats.
Responsibilities
Cybersecurity Risk Management: Integrate cybersecurity risk management into the Enterprise Risk Management (ERM) framework, ensuring risks are identified, assessed, and mitigated.
Security Control Framework: Oversee and maintain the Security Control Framework aligned with industry standards (e.g., NIST CSF, CIS Controls) to address risks and ensure effective security controls.
Threat Catalogue Management: Regularly update and manage the Threat Catalogue to account for evolving threats, guiding mitigation strategies.
Quality Assurance: Define and drive a robust cybersecurity quality assurance program, including penetration testing, red team exercises, vulnerability scanning, and control testing, ensuring operational effectiveness.
Continuous Improvement: Drive a cybersecurity continuous improvement program to adapt and enhance controls in response to emerging threats, audit findings, and business needs.
Regulatory Compliance: Ensure cybersecurity practices comply with regulatory requirements and support regulatory audits, reporting on compliance status.
Cybersecurity Reporting: Develop and report on Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and cybersecurity maturity assessments to measure effectiveness and guide decision-making.
Requirements
Experience in cybersecurity risk management, security control frameworks, and quality assurance.
Expertise in overseeing and maintaining security frameworks (e.g., NIST CSF, CIS Controls) and conducting internal control testing, audits, and vulnerability assessments.
Strong capability in driving continuous improvement programs and ensuring operational effectiveness of cybersecurity controls.
Relevant certifications (CISSP, CISM, CRISC) and fluency in Swedish and English are essential.
Experience with hybrid environments (on-premises, cloud) and knowledge of Lean-Agile or DevSecOps methodologies.