Alternate Job Titles

IT Security Manager, Technology Risk & Controls Manager, Cyber Risk & Compliance Manager, Cyber Risk Consultant, Cyber Assurance Manager, Information Security Manager, Security Governance, Risk, and Compliance (GRC) Manager

Job Level

Specialist

Functional Group

ICT Security

Job Family

IT Security

Job Description

The Cyber Risk Manager is responsible for the following:

  • Develop and enforce cybersecurity policies and standard operating procedures (SOPs), and monitor compliance to identify, assess, and mitigate risks from internal and external threats, ensuring the security of the organisation’s data and information systems.
  • Recommend control needs in line with risk policy and standards, and direct the assessment of information and cyber risks related to technology initiatives.
  • Oversee the establishment and execution of cybersecurity standards and policies, in addition to managing and coordinating responses to regulatory inquiries, inspections, and audits.
  • Manage the creation of reports and put standards and regulations into practice.
  • Advise stakeholders on security procedures and measures.
  • Manage the implementation of cybersecurity policies by fostering a culture of security awareness, conducting training initiatives, and ensuring all employees understand and operate within their defined security responsibilities.

Critical Work Function

Cybersecurity Risk Implementation & Management

  • Oversee the methodical creation and enhancement of risk frameworks, standards, and techniques.
  • Provide advice on how to handle important cybersecurity risk areas and create a workable plan for responding to cybersecurity breaches.
  • Evaluate business demands considering legal and/or regulatory obligations, as well as cybersecurity risks.
  • Anticipate and address legal, regulatory, and organisational challenges from both internal and external sources.
  • Collaborate with stakeholders in the organisation-wide adoption and execution of cyber risk initiatives by offering strategic risk advice.

Cybersecurity Governance and Compliance

  • Establish standardised governance protocols for the purpose of recording and revising security policies, standards, guidelines, and practices.
  • Coordinate the implementation of cybersecurity guidelines and information system controls.
  • Develop a cyber risk maturity model to assess and monitor the organisation’s security posture.
  • Formulate procedures for conducting compliance audits and cybersecurity risk assessments.

Cyber Risk Assessment

  • Provide guidance on the creation of methods and protocols for carrying out cyber risk assessments.
  • Design plans for the organisation’s overall cyber risk assessment initiatives.
  • Oversee the organisation’s ongoing cyber risk assessment initiatives.
  • Deliver technical and strategic recommendations following the identification of system vulnerabilities.
  • Incorporate emerging risks, issues, and security trends into the organisation’s risk assessment framework.
  • Develop and implement policies and action plans to mitigate identified cyber risks.

Cyber Risk Documentation and Awareness

  • Lead the documentation of tools, techniques, and controls used to reduce cybersecurity threats.

Cybersecurity Risk Mitigation

  • Create projects and programmes to improve the organisation’s ability to reduce risks.
  • Manage the organisation’s cybersecurity drills, including their preparation and execution.
  • Serve as an authority on cybersecurity incidents, breaches, and post-breach remedial tasks.
  • Recommend protocols and preventive measures to strengthen cybersecurity and prevent recurrence of similar incidents.
  • Monitor and control the maintenance of cybersecurity training programmes for all security personnel, ensuring alignment with current threats and operational requirements.
  • Coordinate organisational responses to audits, inspections, and regulatory inquiries.

Cybersecurity Awareness and Culture

  • Organise security awareness campaigns and communications.
  • Deliver targeted security awareness training to staff to promote proactive risk behaviour and policy compliance.

Entry Requirements

#1

Cyber Risk Manager

BDQF Level 6 in Cybersecurity, Computer Science, or any related field, with related industry certification, and a minimum of 5 years of relevant working experience in cybersecurity or related domains; or

BDQF Level 5 in Information Systems, Computer Science, or any related field, with related industry certification or a relevant portfolio/experience, and a minimum of 8 years in cybersecurity, risk management, or compliance.

Skills & Competencies

Technical Skills

Soft Skills

Recommended Technical Training Courses

Certified Cyber Risk Specialist (CCRS), ICTTF

Certified Security Risk Manager

Certificate in Cyber Risk Governance, DCROI

Certified Information Systems Auditor (CISA), ISACA

Certified in Risk and Information Systems Control® (CRISC®), ISACA

ISO 27005 - Risk Manager Certificate

Governance, Risk and Compliance Certificate (CGRC), ISC2

CompTIA CySA+

GEIT (Certified in the Governance of Enterprise IT)