Cybersecurity Risk Manager

Uni Systems is a systems integrator providing consulting, design, implementation, and support in ICT integrated solutions and services across 20+ countries in Europe. The company employs over 1400 people and serves more than 200 customers across various geographies and markets. Uni Systems emphasizes continuous development of its employees through technical trainings, leadership programs, workshops, e-learning courses, and a Mini MBA program in collaboration with ALBA Graduate Business School.

• Master Degree and at least 9 years of relevant professional experience in Information Technology and at least 6 years of experience in cybersecurity risk management or a comparable information security role.
• Minimum of 4 certifications from the following or internationally recognized equivalents: CISSP, CISA, CISM, GSNA, GCCC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC Certified ISO-27000 Specialist.
• Knowledge and experience in conducting cybersecurity risk assessments and analyses.
• Experience implementing cybersecurity risk management frameworks, methodologies, standards, and guidelines.
• Ability to support risk-informed decision-making for business owners, executives, and stakeholders.
• Promote awareness and a risk-aware culture across the organization.
• Understanding of cyber threat landscapes, threat taxonomies, and vulnerability repositories.
• Evaluate risk treatment strategies including mitigation, avoidance, transfer, and sharing.
• Design, assess, monitor, and test the effectiveness of technical and organisational security controls.
• Analyse and consolidate organisational risk and quality management practices.
• Prepare and deliver reports, presentations, and recommendations to technical and managerial stakeholders.
• Conduct Business Impact Assessments (BIA).
• Implement risk assessment processes using ServiceNow GRC.
• Prepare personal data protection and privacy documentation.
• Use graphical and programmatic threat modelling techniques, including within DevOps environments.
• Design and implement Zero Trust Architecture principles.
• Apply Secure Software Development Lifecycle (Secure SDLC) practices.
• Design security controls for protecting Directory Services environments.
• English proficiency at Level C1 or higher.

• Develop and maintain the organisation's cybersecurity risk management strategy.
• Manage and maintain the inventory of organisational assets.
• Identify and assess cybersecurity threats and vulnerabilities affecting ICT systems.
• Analyse the threat landscape, including attacker profiles, threat actors, attack techniques, and potential impacts.
• Assess cybersecurity risks and recommend appropriate risk treatment options, including mitigation, avoidance, transfer, and acceptance strategies.
• Define and recommend security controls aligned with organisational objectives and risk appetite.
• Monitor the effectiveness of implemented cybersecurity controls and associated risk levels.
• Ensure cybersecurity risks affecting organisational assets remain within acceptable levels.
• Develop, maintain, communicate, and report on the complete cybersecurity risk management lifecycle.

Uni Systems provides equal employment opportunities and prohibits discrimination on grounds including gender, religion, race, color, nationality, disability, social class, political beliefs, age, marital status, sexual orientation, or any other characteristics.