Job Description
As a member of the Privacy and Data Management team, this position reports to the Director of Information Technology Risk and Compliance. It provides independent and objective assessments to determine whether all significant risks are identified and appropriately reported by management, and evaluates whether those risks are adequately controlled.
Responsibilities:
- Proactively identify and communicate current and emerging risks to the appropriate business and technology leaders.
- Support and maintain the Cyber Threat Management Program.
- Support the creation and maintenance of IT General Controls (including security controls) that underpin the Cyber Threat Management Program.
- Support the creation and maintenance of the IT General Controls (including security controls) governance process, which uses the MITRE ATT&CK framework to normalize known threats, tactics, techniques, and procedures so that changes to production security controls can be prioritized against them.
- Support the creation and maintenance of an IT General Controls (including security controls) catalogue that visualizes overall control effectiveness over time.
- Support and maintain tracking of Information Technology Risk and Compliance risks.
- Support the development of the Information Technology and Information Security Control Testing plan.
- Support the development of a self-service portal for pulling audit data and Unified Control Framework (UCF) test data.
- Support the implementation of a GRC Tool.
- Foster a culture of security across the organization by participating in critical conversations, providing training, and advising departments on GRC matters.
- Liaise with Information Technology to gather the data needed to quantify emerging risk scenarios.
- Perform IT and IS risk assessments against the Unified Control Framework.
- Analyze data to better understand potential risks, concerns, and outcomes of decisions.
- Aggregate data from multiple sources to provide a comprehensive assessment.
- Create reports, summaries, presentations, and process documents to display results.
- Develop systems and processes for gathering and storing data for future analytic projects.
Required Skills:
- 3+ years of experience with:
- Cybersecurity and data center security.
- Internal, external, and application penetration testing methodologies.
- Information Security Threats.
- The NIST Cybersecurity Framework (CSF).
- IT General Controls rationalization and testing.
- Cloud, endpoint, mobile, IoT, and application security.
- Encryption methodologies.
- Threat analysis, business analysis, service management, and control governance services.
- Security health checks, patch management, server build and decommissioning, and change management.
- Foundational understanding of the MITRE ATT&CK framework.
- Strong analytical and problem-solving skills.
- A deep understanding of information technology (e.g., Active Directory, firewalls, routers, infrastructure, databases, logging, monitoring, change management, segregation of duties, cybersecurity, physical security, IT operations, network security, and cloud computing).
- Proficiency in Microsoft Excel, Access, Visio, and other analysis programs.
- Presentation skills, including public speaking and presentation creation using PowerPoint or a similar program.
- Understanding of risks and internal controls, and the ability to evaluate and determine the adequacy and effectiveness of controls.
- Experience with FINRA, FFIEC, PCI, CCPA, and NYDFS regulatory requirements (required).
- Experience building technical risk assessment or security assurance programs.
- CISSP, SANS GIAC GSEC, or CISA certifications are strongly preferred. Other relevant certifications will be considered.
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.