Cybersecurity Risk Analyst (Hybrid)

Description

• The Cybersecurity Risk Analyst is a cybersecurity program and control assessor and advisor in governance, risk, and compliance functions. This position is responsible for the assessing and advancing of client’s cybersecurity posture and capability to safeguard its digital assets.
• The purpose of this position is to provide highly skilled technical and cyber expertise for development and implementation of the enterprise information security program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security capability analysis; best practices and assurance testing; risk assessment; awareness and education; and development of security control portfolio.

Duties and Responsibilities

• Lead the system-wide cybersecurity compliance program, ensuring IT activities, processes, and procedures meet regulatory and industrial requirements.
• Develop and implement effective policies and practices to safeguard client digital assets and prevent unauthorized access.
• Recommend process improvement and technical directions in matters relating to program maturity, incident investigation, threat management, and control assessment.
• Organize the collection of data from required security artifacts and questionnaires for industry framework and other related industrial and cybersecurity standards and mapping this to the company control portfolio.
• Build and maintain cybersecurity metrics for all levels of management focused on trending and tracking reports to demonstrate compliance and improve resilience.
• Analyze risk associated with technology stack and supply chain and work with business leaders to proactively manage exceptions.
• Develop program strategies to improve cyber hygiene and address awareness and training for all stakeholders.
• Perform security review in technology products and solutions (including security tools and systems), identify gaps in control design and operation, and develop remediation plan.
• Provide advice and input for IT disaster recovery, contingency, and continuity of operations plans.
• Define policy and standards for data protection and recovery.
• Perform access & privilege review for both machine and human accounts.
• Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
• Provide input to risk management process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Experience Requirements

• 1. Five (5) years in cybersecurity with focus on governance, compliance and risk management.
• 2. Bachelor’s degree in Information Systems Security or in a computer related field or similar technical field from an accredited institution required.
• 3. Certified Information Systems Security Professional (CISSP) or other industrial and vendor security certifications preferred.

Knowledge

• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.

“Cleo Consulting is an equal opportunity employer (Minorities/Women/Veterans/Disabled)”