Cybersecurity Specialist

Location can be Houston,TX or Midland,MI (onsite 4 days)

NO C2C

This role is responsible for identifying and evaluating security risks, documenting findings, assessing security controls, ensuring compliance, collaborating with stakeholders, and continuously improving risk assessment processes. The role requires strong cybersecurity knowledge, effective communication skills, and the ability to recommend strategies for mitigating risks.

Primary Job Responsibilities

•             Perform comprehensive evaluations of information systems, applications, and infrastructure to detect potential security threats.

•             Apply established risk assessment techniques to measure and interpret the likelihood and impact of identified risks.

•             Create thorough reports detailing discovered vulnerabilities, associated risks, and proposed strategies for mitigation.

•             Present risk assessment results to both technical and non-technical audiences in a clear, concise manner.

•             Assess the adequacy and performance of current security measures and controls.

•             Offer recommendations to strengthen security controls for more effective risk management.

•             Verify that cybersecurity procedures comply with industry standards, legal regulations, and company policies.

•             Track regulatory updates and revise risk assessments as needed to maintain compliance.

•             Partner with cybersecurity colleagues, IT departments, and business units to collect relevant data and insights for risk analysis.

•             Work alongside stakeholders to design and implement effective risk mitigation plans.

•             Remain current on emerging cyber threats, vulnerabilities, and industry best practices.

•             Regularly refine risk assessment methods to reflect changes in the cybersecurity environment.

Qualifications

•             Bachelor’s degree in IT discipline preferred or a minimum of 3 years of relevant experience (Experience with vendor risk or enterprise risk assessments)

•             Relevant certifications such as CISSP, CISM, or CRISC are a plus.

•             Proven experience in conducting cybersecurity risk assessments, vendor risk assessments, or related activities.

•             Effective communication skills to convey complex technical information to diverse audiences.