Cybersecurity Risk Manager

At Ayesa Digital, we grow with you!

Every professional in our company is vital to us. Thanks to their talent, we continue to expand; today, we are a global team of over 11,000 people working toward a common goal.

Ayesa Digital is currently participating in high-impact European Union projects designed to address major European challenges and drive science and innovation. These are strategic technological projects based on collaborative initiatives that stand out for their international focus and a strong commitment to socially-oriented results.

We are seeking a highly skilled Cybersecurity Risk Manager based in Warsaw.

What You Will Do (Responsibilities):

• Develop an organisation’s cybersecurity risk management strategy
• Manage an inventory of organisation’s assets
• Identify and assess cybersecurity-related threats and vulnerabilities of ICT systems
• Identification of threat landscape including attackers’ profiles and estimation of attacks’ potential
• Assess cybersecurity risks, and propose most appropriate risk treatment options, including security controls, and risk mitigation and avoidance that best address organisation’s strategy
• Monitor effectiveness of cybersecurity controls and risk levels
• Ensure that all cybersecurity risks remain at an acceptable level for the organisation’s assets
• Develop, maintain, report and communicate complete risk management cycle

What We Are Looking For (Requirements):

Location & Language:

• Availability: Candidates must be currently residing in or willing to relocate to Warsaw, Poland.
• Language: Professional working proficiency in English (B2 level or higher). Knowledge of Polish is an advantage for local coordination.

Experience & Education:

Experience:

• Experience in making Business Impact Assessments
• Knowledge on risk assessment implementation in GRC Service Now
• Experience in preparing personal data protection documentation
• Experience in tools for graphical and programmatic threat modelling.
• Experience in threat modelling for DevOps
• Experience in designing Zero Trust Architecture
• Expirience in Securing Software Development Lifecycle
• Experience in designing controls for defending Directory Services

Knowledge:

• Perform risks assessments and analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls
• Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards
• Enable business assets owners, executives, and other stakeholders to make risk informed decisions to manage and mitigate risks
• Enable employees to understand, embrace and follow the controls
• Build a cybersecurity risk-aware environment
• Advanced knowledge of risk management frameworks, standards, methodologies, tools, guidelines and best practices
• Knowledge of cyber threats, threats taxonomies and vulnerabilities repositories
• Knowledge of risk sharing options and best practices
• Knowledge of state of the art technical and organisational controls that appropriately mitigate cybersecurity risks
• Knowledge of monitoring, implementing and testing the effectiveness of the controls

• Education: Master´s degree (Level 7 of EQF)

Certificacions:

At least 4 certifications among:

• CISA (ISACA Certified Information Systems Auditor)
• CISM (ISACA Certified Information Security Manager)
• CRISC (ISACA Certified in Risk and Information Systems Control)
• CISSP (ISC2 Certified Information Systems Security Professional)
• CGRC (ISC2 Certified in Governance, Risk and Compliance)
• CSSLP (ISC2 Certified Secure Software Lifecycle Professional)
• CCSP (ISC2 Certified Cloud Security Professional)
• CISSP-ISSMP (ISC2 Certified Information Systems Security Management Professional)
• GSNA (GIAC Certified Systems and Network Auditor)
• GCCC (GIAC Certified Critical Controls)
• GIAC Certified ISO-27000 Specialist
• ISO 27001 Lead implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager

What We Offer:

• Prestigious projects within European institutions.
• International, innovative, and multicultural environments.
• Continuous support from a team of experts in EU projects.

If you are ambitious, enthusiastic, and seeking a new professional challenge in international projects with real-world impact, this is the place for you!

In accordance with Organic Law 3/2007 of March 22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labor discrimination based on sex, and guaranteeing equal entry opportunities. Furthermore, we promote diversity and reject any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment.