Overview The Infosec Technical Risk Lead is a strategic partner to the business and is responsible for supporting information security risk management and technical security analysis within the sector. This role requires a technical security expert to assess, mitigate, and remediate security risks, driving security initiatives within the sector and promoting security awareness. By fostering strong relationships with business units and collaborating with global security teams, the Security Technical Risk Lead will support cyber risk mitigation and drive a culture of security. Responsibilities Security Risk Management: Serve as the primary technical security contact within the region for risk analysis, gap identification, mitigation, and remediation. Manage security work intake for specific business units. Escalate and provide appropriate, informed recommendations on security gaps/opportunities within the region to Sector BISO Vulnerability Management: Support vulnerability mitigation and remediation plan development. Collaborate with Attack Surface Management to understand security impacts of complex technical issues. Third-Party Security: Assist Attack Surface Management in assessing and remediating website and mobile security risks for local third parties. Third-Party Risk Management: Collaborate with the third-party security risk management team on assessments, issues, escalations, and remediation. Mergers and Acquisitions: Support information security due diligence and integration efforts within the sector. Technical Expertise: Act as the technical subject matter expert on security initiatives. Leverage global security technologies to solve problems and support global project teams in testing, deployment, and execution. Stakeholder Management: Build and maintain relationships with key stakeholders to ensure alignment with security policies, standards, and strategy. Address stakeholder resistance and foster collaboration between business and information security. Business Engagement: Develop and implement strategies to engage business functions on information security technical matters. Gain buy-in for security initiatives. Incident Response: Provide guidance for incident after action engagement programs and post-incident activities. Solution Delivery: Partner with sector and business unit deployment leads and information security solutions architects to deliver secure business solutions. Security Requirements: Support security assurance and project teams in developing funding estimates for security requirements. Provide feedback on security requirements during planning cycles. Security Exception Management: Support and track sector-based security exception processes and remediation. Training and Awareness: Conduct information security assessments, educate business functions on services and processes, and develop content for security programs, initiatives, and risk awareness. Program Support: Assist in delivering cybersecurity program initiatives within the sector. Qualifications Bachelor’s degree required 8-10 years as IT Security Architect/Engineer or similar experience Experience with security architecture, application risk analysis, vulnerability management, data classification, CIS Top 20 Critical Controls CISM, CISSP, GIAC certifications preferred Well versed in NIST Cybersecurity Framework Written/spoken English proficiency required
Let our experts design a Professional CV for you.