Cyber Risk Manager, Attack Surface Management/Reduction, is required for this financial based in Buckinghamshire.

You will be experienced in cyber risk management and the threats/vulnerabilities in todays infrastructure world This is Cyber Risk Management focused, Attack Surface Management/Reduction - more than just Vulnerability Management.

You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security threats and incidents.

£80 - 96,000 + Excellent Financial Benefits + Bonus
Hybrid working. Buckinghamshire based x3 days a week, x2 remote working available.

You will have enough of a technical background and capabilities, including at least the understanding of the Vulnerability Assessment/Management arena and now wants to focus more widely, specifically in Attack Surface Management/Reduction.

This role requires solid communication skills, where you could be liaising at all levels, including the CISO.

You will:

Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement.
Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics.
Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders.
Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation.
Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface.

You will bring:

Experience in Cyber Risks and Vulnerabilities, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly.
Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem, infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.)
Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices.
Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices.
Project management (technical) experience preferably within cyber security.