Cybersecurity Analyst - Doral, United States - iTechStack Inc


    1 month ago

    Description

    Job Title: Risk Analyst

    Location: Miami, FL (Onsite)

    Contract: 12 Months (possibility of extension)

    Job Overview:

    The cybersecurity risk assessor is a subject matter expert (SME) who works as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies and methodologies. As a risk assessment SME, the individual continually evaluates risk exposure and tolerance as defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership.

    Cybersecurity risk assessors report continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business. The cybersecurity risk assessor focuses on risks within internal and business-controlled areas of security, technology and business processes, as well as third-party risk. The ideal candidate is business-minded, with three to five years of experience in technology and security administration or security risk management. Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.

    Responsibilities and Duties:

    Execute Risk Assessments:

    Perform risk analysis based on observations such as interviews, documentation review, and technical assessments.

    Areas of focus include, but are not limited to, exception process, in-production information resources, and pre-launch projects.

    Review and document where security controls are adequate or require improvement, defining what the actual risk is to the organization from those shortcomings.

    Assess and define the risks from project and non-project-based assignments. Analyze risk in people, process, and technology.

    Liaise with Other Parts of the Company as Related to Risk:

    Work with partners in Information and Cyber Security, Privacy, Compliance, Third Party Risk Management, IT and OT practitioners, and Internal Audit, across the enterprise.

    Drive Remediation of Security Gaps to Reduce Risk Levels:

    Work with business owners to create treatment plans to address risk drivers.

    Produce bowtie model scenarios for risks to help simplify risk assessment and support business understanding of the risks, drivers, and associated potential impacts.

    Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.

    Evaluate Existing Program:

    Evaluate and make improvements to increase efficiency and effectiveness.

    Linkage to NIST CSF, utilization of the bowtie model, and mappings to other risk methodologies/models such as COBIT, existing Control Library and Metadata, Risk Heat Map, and process.

    Qualifications:

    3-5 Years of Experience conducting risk assessments, recognizing the differences between risk analysis and compliance assessments.

    Proven familiarity with network and host configurations, application security, cloud services, third-party risk management and role-based access.

    Understanding of vulnerability and configuration management, and familiarity with a variety of technologies and applications.

    Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.

    Strong written and oral communication skills across varying levels of the organization.

    Understanding of service design, delivery concepts and control frameworks.

    Organized, with the ability to prioritize and complete tasks within defined SLAs.

    Excellent judgment and the ability to work in complex situations.

    Certifications: Preferable, but not required, is one or more of the following: CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP.