Experience: 0-3 years
Salary: Not stated
Location: Lebanon
Responsibilities:
Develop and implement the integrated risk management framework, policies, standards, and procedures, in accordance with the IRM’s professional standards.
Establish and maintain the integrated risk register, risk appetite, risk indicators, and risk reporting mechanisms, and ensure that information, cybersecurity, and compliance risks are effectively communicated and escalated to the relevant decision makers.
Lead and coordinate the integrated risk assessment process, using appropriate tools and methodologies, and provide recommendations for risk mitigation and control.
Monitor and review the integrated risk profile and the effectiveness of risk controls, and initiate corrective actions and improvement plans as needed.
Provide integrated risk advisory and consultancy services to the business units and projects and support the integration of information risk management into the business processes and systems.
Develop and oversee the execution of the information security strategy.
Promote and foster a positive information risk culture and awareness across the organisation and provide information risk training and education to the staff and management.
Manage and develop the integrated risk management team, and ensure that they have the required skills, competencies, and certifications.
Develop policies, procedures, and controls in one or more standards/frameworks.
Oversee the development and delivery of the organization-wide security awareness program.
Qualifications:
Minimum of 10 years of experience in information risk management, cybersecurity, compliance, or related fields.
Bachelor’s degree or higher in Engineering, Computer Science, Information Security, or related fields, or equivalent work experience.
Proven track record of leading and delivering successful integrated risk management solutions in a fast-paced and dynamic environment.
Strong knowledge and understanding of information risk management principles, practices, and standards, such as ISO 27001, NIST, OWASP, etc.
Experience with integrated risk management technologies, tools, and frameworks, such as GRC platforms, risk dashboards, risk analytics, etc.
Excellent leadership, communication, collaboration, and problem-solving skills.
Ability to work independently and as part of a team, and to manage multiple projects and priorities simultaneously.
Certification in relevant information risk domains, such as CISSP, CISM, CISA, CRISC, etc., is preferred.