Security Risk Management
Role overview
The role of Risk Management is to identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels.
Role level
Typical role expectations
- Communicate risk assessment outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes
- Monitor the efficiency and effectiveness of the risk management processes across the organisation, and make recommendations for continuous improvement
- Conduct reviews and risk assessments when necessary and feed back findings to the relevant parties Interpret and contribute to the development of risk management-related policy, and assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies
Typical role expectations
- Communicate risk assessment outcomes to senior stakeholders in ways that support effective security, risk management and decision-making, and advise senior stakeholders on their approach to risk assessment in the context of their organisational outcomes
- Manage risk management processes across an organisation, reviewing their efficiency and effectiveness, leading recommendations for continuous improvement
- Assess reviews and risk assessments and communicate effectively to relevant senior stakeholder
- Develop risk management-related policy, and assure the ongoing appropriateness of policy in accordance with regulation and wider organisational and government policies
Typical role expectations
- Communicate risk assessment outcomes to leaders across government in ways that support effective security strategy, risk management and decision-making, and advise leaders on their approach to risk assessment in the context of their organisational outcomes
- Lead complex risk management processes across an organisation, reviewing their efficiency and effectiveness, leading recommendations for continuous improvement
- Draw key conclusions from reviews and risk assessments for prioritised concerns and communicate effectively to relevant leadership
- Lead and champion risk management-related policy, and assure the ongoing appropriateness of policy in accordance with regulation and wider organisational and
government policies
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Applied security capability | Awareness | Working | Working |
| Security Risk Management | Awareness | Awareness | Working |
| Protective security | Awareness | Awareness | Working |
| Secure operations management | Awareness | Awareness | Awareness |
| Secure supply chain management | Awareness | Awareness | Practitioner |
| Risk understanding and mitigation | Awareness | Working | Practitioner |
Core learning
Associate
Risk Management for Non-Risk Professional
Certified ISO27001 Practitioner
FOR578: Cyber Threat Intelligence
Lead
Risk Management for Non-Risk Professional
Certified ISO27001 Practitioner
FOR578: Cyber Threat Intelligence
Principal
Risk Management for Non-Risk Professional
Certified ISO27001 Practitioner
FOR578: Cyber Threat Intelligence