Cyber Risk Analyst

Job Description

We are excited to be working with a global financial organization in Nicosia, Cyprus who are in search of a Cyber Risk Analyst. 

Company

The company is fast-paced, cloud-first, and innovative tech. They focus on leading eMoney, open banking & instant payment solutions. They look to optimise the online payment experience, and make the onboarding and payment journey better and safer.

They operates a sophisticated & patented anti-money laundering and anti-fraud system that also provides transactional security to business and retail customers. It is real time and detects the AML issues currently in focus by regulators.

Their inhouse developed platforms allow them to deliver technology and financial services to their customers. The Group employs more than 140 staff located across offices located in Australia, Cyprus, Lithuania, United Kingdom,
Netherlands, USA, Israel, Malta.

Who you are?
• An experienced professional with 3 years’ experience working in Cyber Security, Information Technology, or Risk Management domains for financial institutions (Payments) or the banking sector.
• Obtained relevant information security and risk certifications, such as CRISC, CISSP, CISA, CIA, CRMA, etc.
• Knowledge of standards, controls, and frameworks, such as CIS Controls, CSA Cloud Controls Matrix, ISO 27001, ISO 27005, SOC2, NIST Standards (800-53, CSF). You can demonstrate working with at least two of these but have a deeper understanding of PCI DSS compliance requirements and risk management methodologies.
• Proficient in authoring and maintaining information security policies and procedures to a professional standard, and able to contribute to the development of security best practice documentation.
• Demonstrates a strong comprehension of data privacy controls and GDPR requirements and can apply this knowledge to proficiently identify information, as well as recommend controls to adequately safeguard information across the entire data lifecycle, ensuring confidentiality, integrity, and availability.
• Developed of a strong understanding of security safeguards and can recommend the appropriate type of controls to manage risk effectively – preventative, detective, and corrective, etc.
• Understands the Cyber Incident Response process and governance requirements able to meet compliance and regulatory requirements.
• Experience conducting, managing, or supporting compliance audit activity.
• An ability to work independently and prioritise work to manage conflicting deadlines, and confident to take the initiative and say what you think.
• You’re an avid cyber security/risk professional that follows industry trends and able to understand the latest developments and identify opportunities to address control gaps and known risks.
• You can integrate with a multicultural organisation and bring a professional work ethic to your conduct of team leadership and lead by example. You display strong communication and leadership skills.

The nice to have…
• Experience working with fast-paced, cloud-first, innovative fintech companies that have challenged you to think creatively to address complex objectives and meet regulatory and compliance requirements.
• Previously worked collaboratively with Technology Teams and Risk and Compliance functions to support the delivery of projects and reduce risk.

What you’ll do? (the role)
As a Cyber Risk Analyst, you will report to the Chief Security Officer and have a primary responsibility of supporting the cyber regulatory compliance function. This role ensures that all compliance matters are driven by quality and centrally supported through best practices.

Your duties will involve managing the company's GRC Platform tool to report, oversee, and aid in remediating risks related to Cyber and Information Security across the organization. This newly established position will provide the Cyber Security Team with the necessary resources and focus to achieve positive outcomes for all audit, compliance, and regulatory obligations. Moreover, it will contribute to the development of an internal security control framework.

You will be at the forefront of efforts to identify and classify information processed and stored by the company, ensuring the design and effective operation of robust controls to provide security throughout the data lifecycle.

Developing and maintaining policies that align with the company's regulatory requirements is a critical aspect of this role to support alignment with compliance standards such as PCI DSS, ISO 27001, DORA, and PSD2.

Conducting risk assessments will be necessary in response to major/significant changes to systems, processes, or the onboarding of third-party providers. These assessments will identify the critical reliance of these components on the organization and its services. The formulation of risk treatment plans, which include controls to deliver acceptable residual risk for the business, will also be part of your responsibilities.

You will identify and communicate key risks to stakeholders through regular reporting and dashboards. This will allow senior leadership teams to monitor the impact of improvements and changes and receive advice on necessary course corrections.

This role presents extensive developmental opportunities within the company for individuals with the right attitude and drive. Training opportunities will be provided to foster a successful ongoing career with a growing company in the Fintech/Regtech space where you can contribute your ideas and enthusiasm.

What they offer?
• Competitive Salary
• Private health insurance plan participation
• Performance Bonus, including mix of cash and share-based scheme of company stock for outstanding performers.

Right to Work
You must have the right to legally reside and work in the Republic of Cyprus or be an EU citizen.
Employment is subject to a National Police check.