Cyber Risk Advisor

**About Us**

**Role Summary**
- As a Cyber Risk Advisor I, you will work proactively in assessing and prescribing remediation actions relating to cyber risk exposures within Sophos customers’ environments. Chief among your responsibilities will be conducting comprehensive vulnerability assessments, threat landscape analysis, and developing risk-based remediation plans with the goal of reducing customers’ attack surface and mitigating their exposure to cyber threats.

**What you will do**:

- Review recurring assessments for enterprise assets, report on discovered vulnerabilities and exposures, and guide customers’ mitigation strategies, tracking remediation against service objectives
- Perform research and analysis of vulnerability assessments; contextualize and prioritize results so as to guide customers’ remediation efforts
- Utilize threat-based, intelligence-led approach to vulnerability, threat and exposure management to reduce customers’ cyber-risk
- Assist in the development of risk-based remediation plans with proposed solutions for identified vulnerabilities and exposures
- Understand how business functions operate and how industry trends impact customers’ business objectives
- Lead Risk Review sessions where you will deliver key messages with clarity, confidence, and poise to instill confidence in customers
- Develop impactful reports and presentations that support the achievement of engagement goals and objectives
- Build and nurture positive working relationships with customers with the intention of exceeding customer expectations and service delivery objectives
- Collaborate with stakeholders to prioritize vulnerability and exposure remediation and address potential attack vectors
- Stay informed on the current threat landscape to maintain current knowledge of vulnerabilities and exploitation tactics and techniques; advise customers on security countermeasures accordingly
- Collaborate with cross-functional teams to design and implement advanced vulnerability and managed risk dashboards
- Liaise with customer compliance teams to understand unique compliance requirements of Sophos Managed Risk customers
- Engage in continuous, self-driven learning to stay current on trends, strategies, and technologies in the Vulnerability, Threat and Exposure Management spaces
- Introduce and evolve practices, templates, policies, tools, and partnerships to expand upon and mature service offering capabilities
- Identify opportunities for efficiencies in process and innovative approaches to completing scope of work
- Maintain strong working relationships and credibility amongst groups within the Sophos Managed Services organization

**What you will bring**:

- Bachelor's in information technology, Computer Science or a related field; or relevant commensurate work experience
- Exceptional writing, documentation, and presentation skills to effectively communicate findings and remediation strategies to customers/stakeholders
- 3-5 years of experience in conducting vulnerability assessments, attack surface management preferably in both IT and OT (Operational Technology) environments
- Must be able to thrive within a team environment as well as on an individual basis
- Advanced understanding of risk analytics/modeling and vulnerability assessment
- Proficient in utilizing vulnerability scanning tools, e.g., Tenable
- In-depth understanding of vulnerability classification and scoring methodologies (CVSS, CVE, CWE, NVD), as well as exploitability likelihood models such as EPSS, CISA KEV, Tenable VPR
- Familiarity with compliance frameworks including, but not limited to: ISO27001, SOC2, SOX, GDPR, HIPPA, PCI-DSS, and State/FedRAMP
- Knowledgeable about cybersecurity best practices and frameworks, including SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, Cyber Kill Chain, MITRE ATT&CK Framework, CIS Controls, and OWASP Top 10
- Ability to prioritize impactful vulnerabilities and minimize noise often associated with vulnerability tools
- Foster a culture of continuous learning by organizing knowledge-sharing sessions and workshops, while acting as mentor to junior team members by providing guidance on best practices, industry insights and professional development thereby equipping them with the skills needed to excel in their roles
- Skilled in managing time independently while juggling multiple projects concurrently in a fast-paced environment
- Superior customer service skills

LI- Remote
- #B2

**Ready to Join Us?**

**What's Great About Sophos?**
- Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information.
- Our people - we innovate and create, all of which are accompanied by a great sense of fun and team spirit
- Employee-led diversity and inclusion networks that build community and provide education and