Cyber Risk Lead

Job Description
Our team is part of the Chief Information Security Office and is responsible for protecting digital assets in the enterprise by proactively identifying risks, deploying modern technologies to protect the enterprise, continuously monitoring for active threats and responding rapidly. Our team is made up of highly motivated, innovative, out-of-the-box thinkers who continuously improve the security posture in an ever-changing environment.

Your Job

The successful candidate will be a Cybersecurity Lead, responsible for leading the cybersecurity risk management program by defining and implementing the risk management framework, risk metrics and dashboard, and risk appetite for the entire enterprise, to improve the cybersecurity posture and minimize cybersecurity risk exposures. Additionally, this leader will manage operations, including finances, organization planning, education and communications. This leader will play both an executive advisor and a hands-on role, requiring deep cybersecurity subject matter expertise with demonstrated communication skills for active collaboration across various business units in IBM.

Responsibilities:

  • Serve as a leader for the cybersecurity risk domain, developing, implementing and managing the firm's global cybersecurity risk management strategy, framework and approach.
  • Conduct appropriate risk and control challenge and assessment activities to ensure integrated understanding and monitoring of system risks.
  • Develop and execute comprehensive risk-based assessments of the firm's enterprise and business specific cybersecurity risk profiles.
  • Define KPIs to measure enterprise-wide security effectiveness and support Business Unit cybersecurity risk management program governance.
  • Provide cybersecurity risk oversight and insight to firm Governance Committees and Senior Management through objective verbal and written communications and briefings.
  • Identify global cybersecurity regulatory, legislative, and industry specific compliance requirements and applicability to each line of business.
  • Ensure business-level cybersecurity risk assessments are conducted, inclusive of annual entity assessments and appropriate third-party and supplier risk assessments.
  • Oversee the establishment of cybersecurity risk appetite statements applicable to the cybersecurity risk profile for each business unit.
  • Develop robust metrics and reporting to clearly articulate the security posture of each business unit.


Required Technical and Professional Expertise

  • 10+ years of experience in information security and management.
  • Knowledge of risk management frameworks, methodologies and industry standards.
  • Broader cybersecurity domain expertise.


Preferred Tech and Prof Experience

  • Certifications such as CISSP, CISA, CISM.


EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

