If you’ve been on the cyber security job hunt recently, you might have seen more and more vacancies cropping up with names like “Head of Cyber Risk Management” or “Cyber Risk Incident Response Manager”. Across multiple industries, organizations are recognizing the need to formalize their cyber risk management processes.
For us, this comes as a welcome development. At Vulcan Cyber, we’ve been championing the need to own risk for a while now, and we’re happy to see companies hire for dedicated roles tackling this challenge. And we’ll go ahead and predict that we’ll be seeing more and more cyber risk management jobs appear in the near future.
These positions are targeting cyber security experts who also have the ability to lead and motivate teams and even those more senior to them to become proactive about cyber risk and taking measures to reduce it.
Cyber risk is growing. 2021 saw more vulnerabilities than ever before, with the risk of data breaches skyrocketing in the face of emerging technologies and attack surfaces - and static or ineffectual security processes. Organizations are forced to confront the uncomfortable reality that their security programs are out of step with the evolution of cyber risk today.
Effective cyber risk management is a continuous work in progress, requiring constant attention and optimization across all attack surfaces and all stages of the process - from asset visibility, to prioritization, to risk mitigation. It’s a big job, and one that deserves more attention. A senior position targeting this issue is a major step in the direction of getting our risk in order. It demonstrates that the issue is starting to be seen as one that requires proactive, pre-emptive attention, and cannot be left to fester until emerging as an unmanageable and critical situation.
But a relevant job vacancy on its own is not enough to turn the tide of cyber risk. The role - and the person who occupies it - must be positioned to lead and communicate all things cyber risk to the entire organization, from board level down. All parties involved in the risk mitigation process must understand the threats posed and their roles in the process. The cyber risk management leader must keep teams motivated, and sustain the level of urgency that cyber risk demands. Going even further, the “Head of Cyber Risk Management” must empower people at all levels to become owners of risk themselves, giving them the tools and know-how to become an integral part of the risk mitigation effort.
So we’re glad to see cyber risk management jobs become more commonplace in major organizations - it’s a clear sign that cyber risk is firmly on their radar, and that the concerns of their security teams are being heard. But it’s nothing more than a fancy job title unless the person hired is backed to lead people and processes from ineffectual or limited cyber security workflows, and towards fully owning their risk.