Operational Resilience Lead
Location: Remote Poland
The purpose of this role is to support the Chief Information Security Risk Officer (CISRO) Function in providing the required second line of defense oversight and challenge to Operational Resilience requirements, including aspects of the Operational Resilience programme from a CISRO ICS standpoint. This means ensuring that the cyber risk requirements (metrics, controls, architectures, threats) are factored into the design, development and implementation of ICS Policies and Standards, and that the project meets its goals and adheres to the Information and Cyber Security Risk Type Framework (“ICS RTF”) and associated policies and standards.
The role-holder will support the CISRO deliverables within the Resilience and Architecture function from an Operational Resilience standpoint, including the development, enhancement and delivery of changes in the ICS RTF and associated policies and standards, as well as cyber risk input for the training materials of the Operational Resilience Project.
The role-holder will work with the various workstreams within Operational Resilience for all matters related to cyber risk to ensure the delivery of the Operational Resilience project in line with the CISRO guidelines and strategy for the Resilience and Architecture function.
- Identify ICS requirements for a resilient enterprise with special focus on “Availability”
- Execute implementation of the operational delivery, controls, reporting, and governance of the Operational Resilience project.
- The management and monitoring of all the ICS risk arising within the Operational Resilience Project, across Functions and its subsidiaries.
- Identification, assessment and escalation of delivery risks pertaining to the overall Operational Resilience project.
- Identify architectural gaps and changes required to address strategic change for an increased operational resilience posture.
- Working with the relevant stakeholders within the CISRO Function on the Severe but plausible testing strategy for the operational resilience programme.
- Role requires knowledge and experience in ICS risk management, and information and cyber security risk, threat management, incident response, disaster recovery, availability management, crisis management.
- Professional knowledge of key industry frameworks such as NIST, MITRE, ISO, CIS - required
- Professional knowledge of MITRE ATT&CK and related artifacts - required
- Professional knowledge of cyber threat modelling techniques and practice - required
- Experience with crisis management, disaster recovery and business continuity - required
- Experience with enterprise architecture and security architecture - required
- Analytical approach to risk management - required
- Experience in enhancing frameworks and policies - required
- Some level of experience in managing cyber risk - required
- Subject matter expertise in emerging Operational Resilience Regulations - required
- Experience of business partnering, including the ability to synthesize and articulate complex and technical topics clearly to diverse audiences
- Ability to manage a diverse and challenging stakeholder community / team
- Proven experience with co-ordination of many dependencies in a complex, large-scale environment
- Excellent oral, written communication and presentation skills
- Specific strong competence in the use of Excel for analysis of complex data and PowerPoint for communication purposes
- Experience with ‘agile’ ways of working.
- Experience with Threat led Penetration testing (not at a technical level but aware of frameworks like CBEST / TIBER / iCAST)
- Strong understanding of threat led risk assessments with regards to Cyber Risks
NICE TO HAVE
tbd
CAREER AND PROFESSIONAL DEVELOPMENT
- Competitive salary
- Luxoft Training Center
- Access to e-learning Library
- Individual development plans
- Long-term cooperation with possibility to gain experience in different projects and technologies
- A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)
- Group Life Insurance
- Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
- Medical costs reimbursement for employees (up to certain amount per quarter)
- Travel Insurance
- Benefit Program - Cafeteria and Multisport Card
- Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
- Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
- Convenient locations in modern offices with game rooms
- Multinational projects for clients all over the world