Cyber Risk Management Lead

Cyber Risk Management Lead

RxLogix is seeking a Cyber Risk Management Lead to identify and remediate or mitigate risks. Candidate should have effective task management skills and the ability to communicate effectively. The individual must be able to rapidly respond to security incidents and should have at least 5 years of relevant experience in Cyber security Risk management. Candidates Should have deeper understanding with some hands-on experience on enterprise IT infra components such as O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP etc. alongwith cloud environments like AWS (Must), Azure etc.

Responsibilities:

- Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance.

- Developing, maintaining, or auditing security documentation such as policies, standards, and procedures.

- Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security, etc.

- Conducting internal security assessments to ensure continued compliance.

- Explaining roles in managing risk to cross-team functions and getting buy-in to improve the organizational risk posture.

- Managing the SOC 2 Type 2 assessment and providing adequate support for collecting relevant evidence for all relevant controls.

- Should be able to review RFPs (request for proposal) and provide responses for cybersecurity-related items.

- Manage Risk Governance.

- Implement/govern AWS Cloud and Office 365 Security.

- Manage and support internal and external audits.

- Follow up till closure on audit findings, if any.

- Manage dashboards and reports to keep track of priority events for IT and IS.

- Create a MOM for Board Meetings.

- Vendor Evaluation for Cyber Security Controls.

- Firewall rules review for On-premises and AWS firewall.

- Security Awareness: Create materials, rails, PPT/e-mailers and provide training as needed.

- Incident management and Business continuity.

- CISO dashboard and success reports.

- Meet with the business team to understand their business requirements from cyber cybersecurity perspective.

Requirements:

- Has basic knowledge of audit requirements (SOC2 HIPAA, ISO27001 etc. )

- Understanding of respective industry best practices (e. g., NIST, ISO, OWASP, ITIL).

- At least one security certification is strongly preferred, such as Certified Information Security

Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP).

- Prior experience in the management of technology infrastructure is preferred.