Cybersecurity

About the Company

The Cybersecurity Risk and Compliance Analyst ensures that the organization's technology ecosystem is evaluated correctly, assessed, and managed to ensure compliance and minimize cybersecurity risk exposure and impacts to the business. The analyst will assist with tracking open audit findings and facilitate response generation, information gathering, testing evidence, and escalation of the prior conclusions. The analyst will collaborate with infrastructure team members, drive the adoption of security best practices, assist with creating new policies, improve existing security processes, and support adherence to the organization's security policies and procedures.

Responsibilities

• Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals.
• Monitors and audits compliance of cybersecurity policies to identify gaps.
• Designs, implements and maintains cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures.
• Oversees security activities such as access control, incident management, response, forensics, and reporting.
• Build communication and escalation plans around third-party cybersecurity risk management activities within the enterprise.
• Works with regulatory officers and auditors as necessary.
• Coordinates the gathering of third-party cybersecurity risk assessment data and prepares cybersecurity risk assessments for critical-related third parties as needed, to be published and communicated to stakeholders.
• Tracks identified cybersecurity risks and risk events.
• Maintains a current understanding of industry trends, emerging cyber threats, and new solutions that may impact the environment.
• Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
• Works with stakeholders to communicate business risk and mediation by agreed protection levels.
• Plans and conducts security authorization reviews and assurance case development for installing systems and networks.
• Performs IT and IS control reviews including, but not limited to, operating procedures, system security, programming controls, backup and disaster recovery, and system maintenance.

Qualifications

BS or MA in computer science, information security, cybersecurity or a related field.

Required Skills

• 3+ years of experience in an IT audit, enterprise risk management (ERM) role or cyber risk management role.
• 3+ years of experience with regulatory compliance, risk management frameworks, and information security management frameworks (e.g., ISO 27000, CMMC, NIST 800-171, NIST Risk Management Framework, CARF, etc.).
• Strong background in conducting Business Impact Analysis (BIA) to evaluate the potential impact of cybersecurity risk on critical business processes and functions.
• Experience understanding and articulating business goals and objectives.
• Experience identifying and assessing risks to the organization's business.
• Experience communicating complex technical concepts to non-technical audiences.
• Experience with cybersecurity principles and practices, including risk management, security controls, and incident response.
• Experience with cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems.
• Familiarity in one or more of the following areas: Identity management, PAM, SSO and MFA.
• Ability to leverage research from various sources such as government research, think tanks, academic research, and industry reports.

Equal Opportunity Statement

Include a statement on commitment to diversity and inclusivity.