Contract - Senior Cyber Risk Engineer
Rate: Open
Location: Remote
Duration: 1 year
Qualifications
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.
- Certifications (Preferred): CISSP, CISA, CISM, CRISC, CAP, Security+, or equivalent.
- 5+ years of experience in cyber security, compliance, cyber risk assessment, or security auditing.
- Working knowledge of NIST 800-53.
- Proficient in supporting SOC 2 audits performed by external auditors and in preparing materials to support attestations with NAIC model laws and NYDFS.
- Cloud-based cyber risk management controls (Azure and/or Oracle Cloud Infrastructure).
- Technology management methodologies (DevOps, SAFe, ITIL).
- Proficiency in multiple cyber risk management domains.
- Understanding of cyber risk management oversight and administration processes, security architecture, technical security controls, and data protection strategies.
Responsibilities
- Cyber Risk Management Capability Assessments: Conduct thorough assessments of the effectiveness of cyber risk management capabilities within the organization.
- Gap Analysis: Identify gaps in cyber risk management capability effectiveness and provide recommendations for enhancing the organization's cyber risk management posture.
- Issue Management & POAM: Manage issues and develop a Plan of Action and Milestones (POAM) to address identified gaps and vulnerabilities.
- Documentation & Reporting: Develop detailed reports and documentation on assessment findings, remediation plans, and effective metrics.
- Stakeholder Collaboration: Work closely with cyber risk management, technology, and business partners to ensure that cyber risk management capabilities are effective.
- Compliance, Standards, and Regulatory Alignment: Ensure adherence to regulatory and industry standard requirements such as NIST 800-53, SOC 2, 23 NYCRR 500, NAIC Model Law, and HIPAA. As regulations and standards are introduced and updated, assist in enhancing and extending the framework.