Cyber Security Analyst

Please send your resume in WORD format should you be interested in the following Cyber Security Analyst

• Review and understand the Firm’s current IT Risk Management (“ITRM”) program framework and associated policies, standards, procedures and processes.
• Develop understanding of the Firm’s current controls structure to support the development of standard security responses in response to client questionnaires (e.g., SIG).
• Prepare and respond to related compliance requests including referencing evidentiary artifacts or other documentation.
• Complete external information security assessments and support status tracking of assessment queues.
• Coordinate with external assessors and internal subject matter experts to address compliance inquiries and web-share of security artifacts.
• Assist in further defining the process for completing information security control assessments.
• Support metrics and reporting of the Information Security Program through the collection and analysis of effectiveness security control measures.
• Develop and maintain the status tracking related to findings from information security assessments, TPRM due diligence/reassessment assessments and associated remediations.
• Contribute to the creation of security related processes and procedures and relevant documents.
• Work with the CISO, senior managers, managers and other internal stakeholders to report existing information security program and ongoing security projects that address information security risks and compliance requirements.
• Manage competing deadlines and multiple external inquires using effective organizational skills and attention to detail as demonstrated by prior work experience.
• Assist TPRM in conducting third party due diligence requests, follow-up and monitoring reviews (e.g., SOC II Type II, SIG responses, Pen Test reviews, etc.).
• Participate in efforts to evolve and streamline TPRM processes and procedures.
• Collaborate with TPRM management and internal subject matter experts to support coordination, tracking, and reporting of TPRM team strategy and goals and complete other tasks as assigned.

• At least five years of combined information technology and information security experience.
• Strong understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT).
• Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A.
• Experience working with internal and external auditing firms.
• Strong understanding of information security concepts and technologies
• Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
• Strong communication skill with the ability to interact with various teams within the administrative and legal departments.
• Experience in the analysis of IT and Security control requirements and understanding of associated technology processes.
• Strong understanding of due diligence and compliance documents (e.g. SOC II Type II, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test, etc.).

• A minimum of 5+ years professional work experience; and
• Bachelor’s degree required.