Overview of the Information Security Risk Specialist Role
We are seeking a highly skilled and experienced Information Security Risk Specialist to join our growing team. The ideal candidate will manage metrics collection and dashboard maintenance, handle cybersecurity exceptions, support IT risk management processes and assist with the deployment and implementation of IT standards. This role provides dedicated support to one of our clients.
Key Responsibilities:
IT Risk Management:
• Identify and assess information security risks utilizing a known IT Risk Management framework.
• Enter and document findings from security assessments in the risk register.
• Ensure proper categorization of findings.
• Monitor and report on risk management activities, supporting risk ownership and treatment proposals.
• Partner with procurement, legal, and privacy teams to manage third-party risks.
• Complete third-party risk assessments, assigning risk scores based on inherent risk criteria and the controls in place.
• Document and periodically review assessed vendors.
Metrics Management and Dashboard Maintenance:
• Update the company metric catalog monthly.
• Ensure PowerBI dashboards are functioning correctly and reporting accurate data.
• Prioritize the development of additional metrics to enhance security measures.
• Create and update dashboards to monitor and report on defined targets.
Cybersecurity Exception Management:
• Respond to and manage cybersecurity exception workflows using the ticketing system.
• Maintain and update policies and standards in the company GRC tool.
• Map and align policies and standards to controls within the company GRC tool.
IT Standards Deployment and Implementation:
• Assist in implementing and maintaining policies, standards, and procedures in alignment with the company Risk Compliance methodology and the Information Security Framework.
• Provide oversight and direction for various information security initiatives.
• Collaborate with the PMO to ensure project planning includes applicable security controls.
• Map security capabilities to projects and budget allocations.
• Enhance security awareness through phishing campaigns and annual training.
• Analyze security metrics to identify and mitigate risks associated with high-risk users and groups.
• Participate in risk and control working groups, pushing for accountability and comprehensive reporting to leadership.
Qualifications:
• Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or a related field.
• Minimum of 3 years' experience in information security risk management (preferably in a medium to large organization).
• Strong understanding of risk management frameworks and regulatory requirements.
• Proficiency with tools such as PowerBI, ServiceNow, and Drata GRC.
• Excellent analytical, organizational, and communication skills.
• Ability to collaborate effectively with cross-functional teams.
Preferred Qualifications:
• Professional certifications such as CISM or equivalent are desirable.
• Experience in third-party risk management.
• Knowledge and experience in deploying and implementing IT standards.
• Experience with ISO 27001 or SOC 2 is desirable.
Benefits:
• 20 days annual leave with increases upon tenure.
• Health insurance.
• Pension.
Diversity & Inclusion Mission Statement
At Smarttech247, our mission is to keep our customers secure. Cybersecurity is a complex industry; in order to tackle its challenges and continue to innovate, we believe that a diverse workforce contributes to greater collective intelligence and ultimately makes a stronger team, qualities that are needed in our fight against cybercrime.
Smarttech247 is proud to be committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment is decided on the basis of qualifications, merit and business need.
Apply Now
To apply to this role, please submit your CV accompanied by your cover letter through the form below.