Cyber Risk Exposure Management Design

Employment Hero


Role Type

  • Contract
  • Full-time
  • Mid-level to Senior

About the Role

We are seeking an experienced Senior Cyber Risk & Exposure Management Consultant to lead the design of a modernised vulnerability risk scoring and exposure management methodology.

You will design a dynamic, intelligence-driven replacement model that incorporates real-world exploit evidence, industry-specific exposure factors, and a parameterised control effectiveness framework.

This is a design and advisory engagement.

All work is performed on-site in Australia.

Key Responsibilities

  • Review and baseline the existing risk calculation policy, scoring methodology, and supporting artefacts.
  • Conduct structured workshops with stakeholders across Cyber Security, Networks, Operations, Engineering, Risk, and Compliance.
  • Deliver a Discovery Report documenting the current state, gap analysis, and design principles for the replacement model.
  • Define the full intelligence feed set spanning enterprise vulnerability intelligence, industry-specific sources, and network equipment vendor advisories.
  • Design a replacement inherent and residual risk model incorporating exploit intelligence, probabilistic scoring, exploitation evidence flags, and asset criticality.
  • Design industry-specific exposure factors: network reachability tier, segmentation zone, blast radius, emergency services dependency, and operational sensitivity windows.
  • Deliver a Design covering target architecture, governance model, and transition from the current state, with formulas, pseudo-logic, data dictionary, edge case handling, and worked examples across at least three network domains.
  • Conduct model validation workshops and Executive Briefing.

Required Skills & Experience

  • Deep expertise in vulnerability risk scoring frameworks including CVSS (v3.1 and v4.0), EPSS, and CISA KEV.
  • Proven experience designing or significantly enhancing enterprise risk calculation and exposure management models.
  • Strong understanding of control effectiveness frameworks including the Australian Essential Eight Maturity Model and NIST CSF 2.0.
  • Familiarity with MITRE ATT&CK and D3FEND for threat-informed prioritisation.
  • Experience with telco-specific security standards including GSMA FS.31, 3GPP SA3, and ENISA telco threat landscape publications.
  • Familiarity with network equipment vendor advisory processes and how they integrate into vulnerability management workflows.
  • Strong stakeholder engagement skills — able to facilitate workshops with senior technical and executive audiences.
  • Excellent written communication for both technical and executive stakeholders.
