Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.
Certifications (Preferred): CISSP, CISA, CISM, CRISC, CAP, Security+, or equivalent.
5+ years of experience in cyber security, compliance, cyber risk assessment, or security auditing.
Working knowledge of NIST 800-53.
Proficient in supporting the performance of SOC 2 audits by external auditors and prepare materials to support attestations with NAIC model laws and NYDFS.
Proficiency in multiple cyber risk management domains.
Understanding of cyber risk management oversight and administration processes, security architecture, technical security controls, and data protection strategies.
Responsibilities
Cyber Risk Management Capability Assessments: Conduct thorough assessments of the effectiveness of cyber risk management capabilities within the organization.
Gap Analysis: Identify gaps in cyber risk management capability effectiveness and provide recommendations for enhancing the organization's cyber risk management posture.
Issue Management & POAM: Manage issues and develop Plan of Action and Milestones (POAM) to address identified gaps and vulnerabilities.
Documentation & Reporting: Develop detailed reports and documentation on assessment findings, remediation plans, and effective metrics.
Stakeholder Collaboration: Work closely with cyber risk management, technology, and business partners to ensure that cyber risk management capabilities are effective.
Compliance, Standards, and Regulatory Alignment: Ensure adherence to regulatory and industry standard requirements such as NIST 800-53, SOC 2, 23 NYCRR 500, NAIC Model Law, and HIPAA. As regulations and standards are introduced and updated, assist in enhancing and extending the framework.
