Security Risk Management Specialist

We are seeking a Security Risk Management Specialist to join our Governance, Risk and Compliance (GRC) team within the Information Security Department. You will be a crucial part of our mission to safeguard our Group against evolving cyber threats by identifying, assessing and mitigating information security risks. Your expertise will be key to protecting sensitive data, ensuring business continuity and supporting our compliance with global regulations and standards.

THE PERFECT TEAM MEMBER IS INSPIRED TO:

Manage Risk Processes: Identify, assess, and manage information security risks across the enterprise. Develop, implement and monitor risk treatment and mitigation plans. Maintain and update the corporate risk register within the Risk Management platform

Improve Third-Party Risk Management: Perform security risk assessments on vendors and third-party partners. Manage the complete third-party risk lifecycle, including due diligence, ongoing monitoring and remediation activities

Participate in Compliance Audits : Support compliance initiatives related to regulatory requirements and industry standards (e.g., ISO 27001, ISO 27017, etc.). Assist with internal and external audits by providing evidence and collaborating with audit teams

Improve Risk Policy & Framework : Help develop and maintain the Information Security Management System (ISMS), including security policies, standards and procedures, with a focus on risk management

Collaborate & Report: Work with internal teams, including Cyber Defense Operations; Architecture, Engineering and AppSec, to integrate threat intelligence and vulnerability data into risk assessments. Prepare and present detailed security risk reports to management and stakeholders across the organisation

THE SKILLS THAT WILL GRAB OUR ATTENTION:

Bachelor’s or Master’s Degree in Information Technology, Computer Science, or a related field

At least 3 years of professional experience in an Information Security GRC or Risk Management role

Proven experience conducting risk assessments, developing mitigation strategies and maintaining risk registers

Proficiency in using risk assessment tools and methodologies

Strong understanding of information security principles, risk management frameworks (e.g., ISO 27005, NIST) and best practices

Familiarity with regulatory compliance and industry standards such as ISO 27001

Excellent analytical, problem-solving and communication skills (written and verbal)

Ability to work independently, manage multiple priorities and collaborate effectively with a team

Professional certifications such as CRISC, CISA, CISSP, or Security+ are a significant advantage