Specialist - Technical Risk Assessment

Overview
Technical Risk Assessment Specialist role involves conducting comprehensive risk assessments on the technical risk associated with a product, service of Core42 across the whole life from development to decommissioning. The role requires competency in evaluating technical risks pertaining to IT Infrastructure, Data Centres, Applications, Cloud, and AI on systems and technical architecture, information security, business continuity.

Responsibilities

1. Overall Risk Assessment & Management
   • Baseline Technical Risk Assessment (TRA) Criteria and Checklist on Core42 Infrastructure, Data Centres, Applications, Cloud, and AI on Core42 products, services, & locations.
   • Map Risk and Control Statements to industry, contractual and partner standards to ensure compliance.
   • Execute TRAs based on identified plan and document the risk assessment based on Core42 ERM standards and ensure its agreement with stakeholders.
   • Ensure Follow-Up of identified risks based on agreed handling plans to ensure risk management in relation to risk rating and risk appetite.
   • Report on the status of the risk assessments to stakeholders and to GRC.
2. Threat Assessments And Modelling
   • Collaborate with stakeholders to analyze threat intelligence, identify vulnerabilities and develop appropriate mitigation strategies.
   • Monitor and analyze emerging threats and vulnerabilities in the landscape of information security, particularly related to cloud environments and AI technologies.
3. Service And Operations Management
   • Collaborate with IT and operations teams to ensure that risk management practices are integrated into service management processes (ITIL).
4. Applications Security And Management
   • Conduct security assessments of applications, focusing on secure coding practices, OWASP vulnerabilities, and security testing techniques.
   • Support development teams in integrating security into the software development lifecycle (DevSecOps).
   • Advocate for and implement DevSecOps practices to integrate security into the CI/CD pipeline, ensuring that security considerations are part of the development lifecycle.
5. Compliance, Cloud Governance
   • Establish governance frameworks for cloud environments (AWS, Azure) that ensure compliance with security best practices (ISO and SOC 2) and regulatory requirements.
   • Recommend cloud security controls, including identity and access management (IAM), data encryption, and monitoring/logging solutions.
6. Supply Chain Risk Management
   • Assess third-party vendors for compliance with security standards, conducting risk assessments that evaluate their security posture and data handling practices.
7. Ethical Hacking And Offensive Security
   • Implement offensive security practices to identify and address vulnerabilities through ethical hacking assessments.
   • Collaborate with security teams to review penetration testing and vulnerability assessments.
   • Engage with red team activities to simulate real-world attacks and improve the organization's overall security posture.
8. Business Continuity Considerations
   • Evaluate the business continuity implications of onboarding new applications and services, ensuring that recovery strategies are in place and aligned with organizational goals.
   • Conduct Business Impact Analyses (BIAs) to assess the potential impact of disruptions and ensure that critical business functions can be maintained.
9. Collaboration and Awareness
   • Conduct training sessions and workshops to enhance understanding of technology risks, secure coding, application security, incident response and vulnerability management.
   • Work closely with IT, security, compliance, and development teams to promote risk awareness and implement risk management practices in DevSecOps environments.
   • Prepare detailed risk assessment reports and executive presentations that communicate findings and recommendations to technical and non-technical stakeholders.

Qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field; Master's degree preferred.
• 4 to 8 years of experience in information security, operational risk management, or DevSecOps environments.
• Strong understanding of security frameworks and standards (e.g., NIST) and their application in risk assessments.
• Proficiency in security technologies, including firewalls, IDS/IPS, SIEM, and encryption.
• Proven experience in application security and implementing security by design principles in software development.
• Experience in conducting AI audits and risk assessments for machine learning models and algorithms.
• Experience with compliance frameworks (ISO 27001, SOC 2) and regulatory requirements.
• Familiarity with cloud security best practices and platforms (AWS, Azure).
• Understanding of DevSecOps principles and tools.
• Knowledge of application security principles and secure coding practices.

Skills

• Relevant security certifications like CISSP, CISA, CEH, CCSP, CASE, CDP are preferred.
• Expertise in security tools for vulnerability assessment, penetration testing, and incident response.
• Familiarity with DevSecOps practices and tools.
• Understanding of programming and scripting languages to facilitate risk management.
• Proficient in cloud security principles and practices.
• Excellent communication and collaboration skills to work effectively with technical teams and executive leadership.

What We Look For
If you are a performance-driven, inquisitive mind with the agility to adapt to ambiguity, you will fit right in. You should be eager to explore opportunities to build meaningful collaborations with stakeholders and aspire to create unique customer-centric solutions. Bias for action and a passion to conquer new frontiers in the AI space is at the heart of the Core42 community.

What Working At Core42 Offers

• Culture: An open, diverse and inclusive environment with a global vision that encourages personal growth and focuses on ground-breaking, industry-first innovations.
• Career: Outstanding learning, development & growth opportunities via structured training programs and innovative, high-tech projects.
• Work-Life: A hybrid work policy to strike the perfect balance between office and home.
• Rewards: A competitive remuneration package with a host of perks including healthcare, education support, leave benefits and more.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.