Cybersecurity Senior Risk Analyst I

Optima Global Solutions Inc.is a valuable IT Services and Solution provider that customers, employees, and stakeholders feel proud to be associated with. Optima's Intelligent Automation Solutions leverage robotic process automation, intelligent data capture, and business process management best practices to streamline operations. Our IT Services practice provides organizations with highly personalized, comprehensive, U.S. based recruiting services supported by our internal onsite team of subject matter experts.

Currently, we are hiring for the following position;

Cybersecurity Senior Risk Analyst I

Our client, New York City, continues to advance their cybersecurity posture, it is essential that they have analysts dedicated to managing and execution of governance, risk, and compliance functions on behalf of the CISO and senior level executives. The Senior Risk Analysts will be responsible for implementing tools and practices to enhance processes related to third-party risk management, risk assessment, and general cyber risk governance. The position requires a diverse background in governance, risk, and compliance; analysis; technology implementation; project management; and collaboration with diverse groups of stakeholders to strengthen the security posture of New York City agencies.

The Senior Risk Analysts will be expected to continue building an effective Citywide Cybersecurity risk program. These analysts will be responsible for improving our risk assessment process to make it more user-centric, interviewing and communicating with agencies when performing risk assessments, and driving creation of a third-party vendor register and monitoring process. Analysts will review and analyze technologies for inventorying third parties, collaborate with SMEs to collect third party intelligence and define actions based on it, and design steps for reviewing existing third parties in our portfolio.

SCOPE OF SERVICES

Tasks Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City; Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise; Work with stakeholders across various divisions, soliciting input and working through feedback; Evaluate risk of third parties used by New York City agencies; Document and track remediation of risks in the Risk Register; Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies; Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines; Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary; Engage in communications with NYC Agencies; Handle special projects and initiatives as assigned.

MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered

A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team .

DESIRABLE SKILLS/EXPERIENCE: BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.

One or more of the following certifications are a plus: Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) CompTIA Security+ CompTIA Network+ CompTIA A+ CompTIA CySA + Cisco Certified Network Associate - CCNA CEH: Certified Ethical Hacker GIAC Information Security Fundamentals (GISF) GIAC Security Essentials (GSEC) (ISC)2 Systems Security Certified Practitioner (SSCP) Ability to work effectively in a team environment. Being highly organized, motivated and a self-directed professional. Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services. Understanding of commonly used computer operating systems, databases, network structures. Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS) Investigative and analytical skills. Excellent oral and written communication skills; Knowledge of the current and evolving cyber threat landscape; Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;

Interested candidates, please apply online with a detailed resume and contact information.

Thank you.