IT Risk Manager / ITSP Analyst

Salary:
  • 20925 - 33015 Net B2B + VAT / Month
  • 4800 - 7500 EUR B2B Contract / Month
  • 135 - 213 Net B2B + VAT / Hour
  • 31 - 48 EUR B2B Contract / Hour
  • 20925 - 33015 Gross UoP / Month

Location: European Union

Job Description

We are looking for an experienced IT security risk management specialist. The project involves providing a managed service for preparing IT Security Plans (ITSP) for departments and executive agencies.

You can expect:
  • Conducting comprehensive IT security risk assessments in accordance with the EC ITSRM methodology (IT Security Risk Management Methodology).
  • IT system modeling: identification of assets, interfaces, and dependencies.
  • Conducting threat modeling using threat catalogs.
  • Selection and justification of adequate security measures.
  • Creating complete IT Security Plan documents based on DIGIT.S1 templates.
  • Conducting risk assessments for cloud-hosted systems using shared responsibility models with Cloud Service Providers (CSP).
  • Conducting risk assessments for systems containing AI components.
  • Application of client frameworks regarding cloud and AI security.
  • Controls Baseline Validation (ITSP-CBV)
  • Performing validation of compliance with the security control set (55 Priority Controls or SNC Controls).
  • Performing compliance attestation using the GRC-Compliance tool.
  • Engaging stakeholders on the client side (Attesters, Project Managers, LISOs, SSOs).
  • Coding validation results in the GRC tool.
  • Leading interviews and workshops with client stakeholders via MS Teams.
  • Cooperation with: System Owners, IT Project Managers, System Security Officers, Local Information Security Officers, Data Owners, and Business/IT Architects.
  • Updating records in the GOVSEC tool (IT risk assessment).
  • Operating the GRC-Compliance tool (compliance management).
  • Utilizing the ServiceNow ITSM platform.

Requirements

  • EC ITSRM methodology – knowledge and practical experience in application (key competency).
  • Experience with information security risk management, threat modeling, cloud environment security (CSP models, shared responsibility), and security of systems containing AI components.
  • Knowledge of security controls (compliance frameworks).
  • Experience with GOVSEC – IT risk assessment tool.
  • Communicative English.