A career in Cybersecurity Governance & Risk Management
Working within this specialism in cybersecurity means protecting the security of an organisation’s information systems and data: setting policies, monitoring compliance and following defined procedures to identify, assess and manage risks from external and internal threats, all guided by the organisation’s own view of risk.
What will be your responsibilities?
As a Practitioner:
- draft cyber security policies and procedures, taking account of an organisation’s legal, regulatory and operational requirements
- identify cyber security risks, posed by the combination of vulnerabilities and threats, to the security of an organisation’s information systems and data
- assess the impact and likelihood of identified cyber security risks
- propose measures (avoidance, mitigation, sharing or acceptance) to manage risks
- create and maintain a risk register or include the cyber security risks in the organisation’s overall risk register
As a Senior Practitioner:
- manage governance and risk management practitioners
- contribute to an organisation’s high-level risk strategy and the definition of its risk appetite
- identify the requirement for policies and procedures and monitor their production and updating
- approve policies and procedures
- set up and maintain the arrangements for managing cyber security risk
- engage with heads of business departments to show them the cyber risks that the organisation faces through its existing processes, and to recommend changes to those processes
- assess and report on the effectiveness of company risk management standards and policies
What skills will you need?
Transferable soft skills:
- taking account of multiple complex factors to arrive at logical, repeatable conclusions
- verbal and written communication, especially in producing formal documents which are comprehensive and without ambiguities
- presenting logical, objective reasons for all decisions made
Specialist skills:
- using statistical, mathematical or financial techniques to assess the likelihood (taking account of vulnerabilities and threats) and the impact of cyber-attack techniques, and of deliberate or unintentional damaging actions by people within the organisation
- applying risk management methodologies, such as those in ISO 27001, and sector-specific requirements, such as PCI-DSS
- interpreting legal and regulatory requirements and integrating them with an organisation’s operational requirements
- assessing the compliance of procedures and practice with agreed standards
Transferable skills from a different career path:
- roles in the emergency services, especially fire and police services, which require substantial risk management
- operational and staff roles in the Armed Forces
- business risk management
- business operations
- IT system management
- business continuity
- financial or internal audit
- specialist commercial insurance assessment