Company hidden
8 hours ago

Risk Assessor (Cybersecurity)

Work format
hybrid
Employment type
fulltime
Grade
middle/senior
English
b2
Country
Poland

Job description

TL;DR

Risk Assessor (Cybersecurity): Evaluating the security posture of third-party vendors with access to sensitive information or systems of hirify.global, with an emphasis on identifying potential security threats. Focus on developing and implementing risk mitigation strategies and monitoring vendor compliance with security policies and procedures.

Location: Hybrid, at least 3 days from the office in Kraków or Wrocław, Poland

Company

hirify.global is a leading global wealth manager and the leading universal bank in Switzerland, providing diversified asset management solutions and focused investment banking capabilities.

What you will do

  • Conduct risk assessments of third-party vendors to identify potential security threats and vulnerabilities.
  • Analyze and evaluate vendor security controls, policies, and procedures to ensure compliance with regulatory requirements and industry best practices.
  • Develop and implement risk mitigation strategies to address identified vulnerabilities and reduce the organization's exposure to cyber threats.
  • Communicate assessment findings and recommendations to internal stakeholders, including senior management, legal, and compliance teams.
  • Monitor and track vendor compliance with security policies and procedures through ongoing assessment activities.
  • Conduct Cloud assessments and audits.

Requirements

  • Bachelor's degree with professional certification in Cybersecurity, Cloud Security, or a related field.
  • 5+ years of experience in third-party risk assessment or cybersecurity assessment.
  • Audit experience/mindset.
  • Strong analytical and problem-solving skills.
  • Strong communicator, with good spoken and written English.
  • Available to work in a hybrid model at least 3 days from the office.

Nice to have

  • Experience with industry-recognized standards for IT security controls and best practices like NIST, ISO27001, PCI DSS, COBIT, SOC 2, etc.
  • Certifications such as Certified Third-Party Risk Professional (CTPRP) or Certified Information Systems Security Professional (CISSP).
  • One of the following professional qualifications obtained: CEH, CISSP, CISA, CISM, CRISC or ITIL.

Culture & Benefits

  • Collaboration is at the heart of everything.
  • New challenges and opportunities to grow.
  • Supportive team and flexible working options when possible.
  • Inclusive culture.

Be careful: if you are asked to sign in to iCloud/Google, send a code or password, or run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.