ARENGY is an IT-Digital and Engineering Consulting Company operating in the Middle East from Dubai. Our customers are the most successful industry leaders executing projects around the globe. We are partnering with one of the leading Railway System Company in Dubai. We are looking for a Cyber Security Risk Analyst.
Job Description
Your responsibilities:
- Establish Objectives and Scope: Define the goals and scope of the risk assessment. Identify what assets, systems, or processes will be included in the assessment.
- Asset Inventory and Classification: Identify and catalog all assets within the organization, including hardware, software, data, and personnel. Classify assets based on their importance and sensitivity to the business.
- Identify Threats and Vulnerabilities: Analyze potential threats that could affect your assets. This involves understanding the various types of cyber threats (e.g., malware, phishing, insider threats) and vulnerabilities (e.g., unpatched systems, weak passwords) that could exploit those assets.
- Risk Identification: Assess the likelihood and potential impact of threats exploiting vulnerabilities. This involves determining the risk level associated with each potential threat and vulnerability combination.
- Risk Analysis and Evaluation: Evaluate the identified risks based on their likelihood and potential impact. Assign a risk score or ranking to prioritize which risks are most critical.
- Risk Treatment and Mitigation: Develop strategies to address and mitigate the identified risks. This might involve implementing security controls, conducting regular software updates, employee training, or other measures to reduce risk.
- Create a Risk Management Plan: Develop a comprehensive plan outlining how identified risks will be managed. This plan should include prioritization, responsibilities, timelines, and the allocation of resources.
- Implement and Monitor Controls: Implement the risk mitigation measures and security controls as outlined in the risk management plan. Continuously monitor these controls to ensure their effectiveness.
- Review and Update: Regularly review and update the risk assessment process to adapt to new threats, changes in technology, or modifications in business operations.
- Documentation and Reporting: Document all steps taken during the risk assessment process and create reports summarizing the identified risks, mitigation strategies, and the overall risk landscape for stakeholders.
Remember, a risk assessment is an ongoing process that needs regular review and updates to address emerging threats and changes in the organization's infrastructure or operations.
The Cyber Security Risk Analyst should also conduct a Risk assessment following the principle below:
- Risk Context: Understanding the context of risk is crucial. This involves considering the organization's objectives, the business environment, legal and regulatory requirements, and the expectations of stakeholders.
- Risk Assessment Methodology: Establish a structured and systematic approach to risk assessment. Define methodologies and criteria for identifying, analyzing, and evaluating risks consistently across the organization.
- Risk Identification: Identify potential threats to information assets and vulnerabilities within the organization's systems, processes, and infrastructure. This includes internal and external threats, intentional or un
Profile / Requirements
5+ years of Information security or technology experience.
Proven experience in Risk Assessment and Risk Management as per ISO27001.
Holder of a recognized certification such as CISSP, CISM, CRISC, CISA, CompTIA Security+, GSLC, CRM, CEH.