Cybersecurity Risk & QA Manager

at  Cubane Solutions AB

REQUIREMENTS

• Experience in cybersecurity risk management, security control frameworks, and quality assurance.
• Expertise in overseeing and maintaining security frameworks (e.g., NIST CSF, CIS Controls) and conducting internal control testing, audits, and vulnerability assessments.
• Strong capability in driving continuous improvement programs and ensuring operational effectiveness of cybersecurity controls.
• Relevant certifications (CISSP, CISM, CRISC) and fluency in Swedish and English are essential.
• Experience with hybrid environments (on-premise, cloud) and knowledge of Lean-Agile or DevSecOps methodologies.

• Cybersecurity Risk Management: Integrate cybersecurity risk management into the Enterprise Risk Management (ERM) framework, ensuring risks are identified, assessed, and mitigated.
• Security Control Framework: Oversee and maintain the Security Control Framework aligned with industry standards (e.g., NIST CSF, CIS Controls) to address risks and ensure effective security controls.
• Threat Catalogue Management: Regularly update and manage the Threat Catalogue to account for evolving threats, guiding mitigation strategies.
• Quality Assurance: Define and drive a robust cybersecurity quality assurance program, including penetration testing, red team exercises, vulnerability scanning, and control testing, ensuring operational effectiveness.
• Continuous Improvement: Drive a cybersecurity continuous improvement program to adapt and enhance controls in response to emerging threats, audit findings, and business needs.
• Regulatory Compliance: Ensure cybersecurity practices comply with regulatory requirements and support regulatory audits, reporting on compliance status.
• Cybersecurity Reporting: Develop and report on Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and cybersecurity maturity assessments to measure effectiveness and guide decision-making.