Cyber Security Risk Manager

at  Power Advocate Inc

In the middle of the energy transition, businesses and governments are faced with significant challenges. But the pace and scale of change mean every decision is made under mounting pressure. Now, more than ever, companies need reliable data, analytics and actionable insight.
Wood Mackenzie is the leading global provider of data and analytics solutions for the renewables, energy and natural resources sectors.
Wood Mackenzie’s services include data, analytics, insight, events and consultancy. A trusted partner for over 50 years, Wood Mackenzie’s team has over 2,300 experts across more than 30 global locations who cover the entire supply chain.

COMPANY DESCRIPTION

Wood Mackenzie are the global research, analytics, and consultancy business powering the natural resources industry. For 50 years, we have been providing the quality data, analytics, and insights our customers rely on to inspire their decision making.
Our dedicated oil, gas & LNG, power & renewables, chemicals, metals & mining sector teams are located around the world and deliver a variety of projects based on our assessment and valuation of thousands of individual assets, companies, and economic indicators such as market supply, demand, and price trends.

JOB DESCRIPTION

We are seeking a highly skilled and strategic-minded Cyber Security Risk Manager to join our dynamic team. In this role, you will play a key part in identifying, assessing, and mitigating cyber security risks to protect our organization’s assets and information.
As a Cyber Security Risk Manager, you will be responsible for developing and implementing an effective cyber security risk management program. This includes identifying and evaluating potential threats, assessing vulnerabilities, and implementing strategies to minimize risk exposure. The ideal candidate will have a strong background in cyber security, risk management methodologies, and the ability to collaborate with various teams to ensure a robust security posture.

QUALIFICATIONS

• Bachelor’s degree in Cyber Security, Information Technology, or a related field. Advanced certifications (CRISC, CISM, CISSP) are highly desirable.
• Proven experience (5+ years) in a cyber security risk management role, demonstrating a strong understanding of risk assessment methodologies.
• Experience with ServiceNow GRC is a plus.
• In-depth knowledge of cyber security principles, frameworks, and best practices.
• Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks.
• Strong communication and interpersonal skills to effectively convey complex technical concepts to non-technical stakeholders.
• Experience with risk assessment tools and methodologies.
• Familiarity with relevant regulations and compliance standards (ISO 27001, SOC2, NIST, GDPR, etc.).

• Develop and implement a comprehensive cyber security risk management program to identify, assess, and prioritize cyber threats and vulnerabilities
• Conduct regular risk assessments and vulnerability assessments, considering emerging cyber threats and industry best practices.
• Collaborate with cross-functional teams to establish risk tolerance levels and ensure alignment with organizational objectives.
• Analyze and interpret cyber security data to provide insights into potential risks and recommend appropriate mitigation strategies.
• Develop and maintain risk assessment documentation, including risk registers, impact analyses, and risk treatment plans.
• Communicate effectively with stakeholders, including executives, to present risk findings, potential impacts, and recommended risk mitigation strategies.
• Stay current with industry trends, emerging threats, and best practices in cyber security and risk management.
• Lead the development of key risk indicators (KRIs) and key performance indicators (KPIs) to monitor and measure the effectiveness of the risk management program.
• Provide guidance to project teams to integrate risk management practices into the project life cycle.
• Collaborate with internal and external partners to enhance the organization’s cyber resilience and incident response capabilities.