CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
Develop and maintain threat modelling methodology for assessing risks;
Establish and update the enterprise threat profile and risk posture;
Conduct threat-based risk assessments of technology and security implementation, changes, and incidents;
Advise the IT and business stakeholders on technology risk and security requirements;
Validate and verify technical controls on their fitness and effectiveness in reducing risks;
Plan and oversee controls testing such as social engineering and red-teaming exercises;
Articulate the business impact and business risk associated with the technology risks;
Develop and maintain technology and security risk metrics;
Measure and monitor key technology risks;
Manage the monitoring of email and web data loss;
Keep abreast of the latest in security controls, threat landscape and emerging technologies;
Take accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks;
Maintain awareness of industry trends on regulatory compliance, emerging threats and appropriate steps to mitigate the risks; and
Highlight any potential concerns/risks and proactively shares best risk management practices.
Degree/Diploma in IT, IS, or Computing and/or relevant domains;
At least 7 years of relevant experience in technology risk management for IT infrastructure and service management, and application development;
Experience or working knowledge in security and IT service management;
Experience or working knowledge in security and IT infrastructure technologies;
Experience or working knowledge in risk monitoring and reporting;
Experience or working knowledge in controls testing such as social engineering exercises and red-teaming;
Knowledge in threat modelling;
Knowledge in industry security practices, frameworks and standards such as ISO27001/2, NIST Cybersecurity Framework, etc.;
Knowledge in data loss monitoring;
Analytical and able to identify systemic risk from risk indicators;
Confident in challenging the stakeholders regarding state of controls;
Adaptable, in a fast-paced, dynamic work environment;
Demonstrated strong leadership skills;
Able to lead and collaborate team effectively;
Strong communication and interpersonal skills. Must work well in a team;
High level of integrity, takes accountability of work and good attitude over teamwork; and
Take initiative to improve current state of things and adaptable to embrace new changes.
To all recruitment agencies: Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.