Define and facilitate the information security risk assessment process in accordance with the enterprise risk management framework, including the reporting and oversight of risk treatment efforts. Liaise with tech teams, project managers, and business units to facilitate information risk assessment and management processes, and work with stakeholders on identifying acceptable risk levels. Implement a risk-based process for managing third-party risks that may result from suppliers, consultants, and other service providers. Security Operations Management Lead the selection, design, and implementation of security tools and technologies and ensure these solutions meet their control objective continuously. Manage response to security incidents to protect information assets and business-critical services. The job holder is expected to be on-call 24x7 to lead the CSIRT in case of high-severity incidents needing prompt attention. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Develop and manage effective disaster recovery policies to align with enterprise business continuity management program objectives. Coordinate the development of runbooks and procedures to ensure that business-critical services are recovered in the event of a security event. Manage and monitor the performance of MSSP partners and other suppliers providing information security services. #J-18808-Ljbffr