Cyber Security Risk Manager

Security (Information & Communication Technology)
Other (Education & Training)

Employment Type:
Full time continuing role as a Cyber Security Risk Manager

Location:
UNSW Kensington Campus (Hybrid Working Opportunities)

About UNSW:

UNSW isn't like other places you've worked.
Yes, we're a large organisation with a diverse and talented community, a community doing extraordinary things.
Together, we are driven to be thoughtful, practical, and purposeful in all we do.
Taking this combined approach is what makes our work matter.
If you want a career where you can thrive, be challenged and do meaningful work, you're in the right place.

The Cyber Security Risk Manager is responsible for providing strategic leadership in developing and continuously improving the University's cyber security risk management practices, ensuring that risks are continually identified, assessed, prioritised, monitored, and mitigated in line with UNSW's Enterprise Risk Management framework.
Key responsibilities include managing cyber security risk registers, leading risk remediation efforts, and developing risk mitigation strategies with measurable key risk indicators (KRIs) and key performance indicators (KPIs).
The role also oversees vendor security risk management and annual threat assessments, while delivering regular risk updates to senior leadership and governance forums.
The Cyber Security Risk Manager reports to the Head of Cyber Security Governance & Assurance and has direct reports.

Accountabilities:

• Provide strategic leadership in the development, execution and continuous improvement of the cyber security risk management practices in alignment with UNSW's Enterprise Risk Management framework.
  
• Manage Cyber Security Risk Registers, ensuring identified risks are documented, assessed, prioritised, and remediated.
  
• Lead and direct risk remediation efforts, ensuring timely closure of identified risks.
  
• Develop and implement effective risk mitigation strategies and ensure alignment with business goals.
  
• Develop key risk indicators (KRIs) and key performance indicators (KPIs) to measure and track the effectiveness of risk management strategies.
  
• Ensure new risks are promptly registered and managed following assessments, assurance activities, or security incidents.
  
• Ensure that the threat, risk and control libraries on the GRC platform are up to date.
  
• Lead the execution, and continuous improvement of the annual threat and risk assessment process, including maturity assessments.
  
• Lead and deliver the end-to-end vendor security risk management lifecycle process, including annual risk assessments for high-risk vendors, periodic scorecard reviews, and continuous monitoring through platforms such as UpGuard, CyberGRX and BitSight.
  
• Oversee and deliver the security review process for Requests for Information (RFIs) and Requests for Proposals (RFPs), embedding contractual security requirements in vendor agreements.
  
• Design and optimise operational metrics to drive continuous improvement of the overall cyber security risk management practice, ensuring timely and accurate reporting through the metrics dashboard for inclusion in the quarterly Risk and Safety Committee submissions.
  
• Lead the development and delivery of quarterly cyber security risk updates and briefings to IT executives, business partners, and relevant stakeholders, providing detailed insights into risks and mitigation action status and trends.
  
• Present quarterly risk reports at governance forums, including the GRC Community of Practice (CoP) and Vendor Security Risk Management CoP, while also serving as a subject matter expert on cyber security risk management.
  
• Lead and manage the Cyber Security Risk Working Group, fostering cross-functional collaboration and driving key security risk management initiatives.
  
• Monitor internal and external environments for emerging threats, vulnerabilities, and regulatory changes.
  

Who you are:

• Extensive experience (7+ years) in cyber security risk management, with demonstrated experience in conducting risk assessments, managing risk registers, and overseeing vendor security risk management programs.
  
• Proven experience in developing, implementing and operationally running the cyber security risk management practice in large and complex organisations.
  
• Hands-on experience with security tools and platforms for monitoring, managing, and reporting on cyber security risks such as Protecht GRC tool, CyberGRX, UpGuard, and BitSight is highly desirable.
  
• Certifications such as CISM, CISSP, CRISC, AWS Security Specialty, Azure Security or related certifications are highly desirable.
  
• Strong knowledge of cyber risk management principles, methodologies, frameworks, such as ISO 27001, ISO 31000, NIST 800-53, FAIR and other industry standards.
  
• Proven experience in managing vendor security risk and developing operational metrics for risk management.
  
• Strong project management skills with the ability to balance multiple initiatives and deadlines.
  
• Excellent communication, negotiation and interpersonal skills, with a proven ability to develop effective relationships and influence key stakeholders at all levels in the organisation.
  
• Ability to present with credibility and translate technical and complex information concisely for diverse audiences using strong analytical and problem-solving skills.
  
• Demonstrated experience in presenting risk reports and providing strategic advice on cyber security risk management to senior leadership.
  
• High level of motivation, resilience, and ability to work independently and within a team setting.
  
• An understanding of and commitment to UNSW's aims, objectives and values in action, together with relevant policies and guidelines.
  

To Apply:
If this is of interest to you, please submit your CV, Cover Letter and responses to the Skills and Experience outlined above and in the position description.

Applications close:
17th of November 2024 @ 11.30pm

Benefits and Culture:

• Flexible hybrid working
• Additional 3 days of leave over the Christmas Period
• Access to lifelong learning and career development
• Progressive HR practices
• Discounts and entitlements

UNSW is committed to equity diversity and inclusion.
Applications from women, people of culturally and linguistically diverse backgrounds, those living with disabilities, members of the LGBTIQ+ community; and people of Aboriginal and Torres Strait Islander descent, are encouraged.
UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff.

The University reserves the right not to proceed with any appointment.

The University of New South Wales (UNSW) is one of Australia's leading research and teaching universities.