Senior Cyber Risk Analyst With Governance/Compliance/Financial Auditing

Role: Senior Cyber Risk Analyst with GOVERNANCE/COMPLIANCE/FINANCIAL AUDITING 
Location: Deerfield Beach, FL (Hybrid - 3 days a week onsite or 1 week a month)
Duration: 6 months with possible extensions

KEY NOTES:

Areas of Expertise Risk Management No 1 - 6 + Years
Areas of Expertise Information Security No 2 - 6 + Years
Areas of Expertise Supply Chain No 3 - 2 - 4 Years

Description: The Senior Cyber Risk Analyst will report to the IT Governance, Risk and Compliance Manager and will support the Information Security department. In this position, you will be an integral part of advancing the company's enterprise Information Security Program. The Senior Cyber Risk Analyst will be responsible for identifying, analyzing, and influencing the management of information risks across the organization, with a strong focus over Third Party Risk Management (TPRM). The Sr. Cyber Risk Analyst will help to coordinate across the organization to understand, categorize and prioritize security risks, applying business context, leading to clear security risk mitigation strategies. This senior-level analyst will have a depth of experience enabling them to understand both information security risks and business context. This individual contributor will be a skilled communicator across all audience types, up to executive leaders.

Responsibilities:

• Conduct Third-Party Risk assessments and manage InfoSec Third-Party Risk Management (TPRM) program.
  
• Communicates risk assessment findings to information security "customers, or business partners.
  
• Provides consultative advice to information security customers that enables them to make informed risk management decisions.
  
• Maintain risk management initiatives in GRC/TPRM platform(s).
  
• In-depth knowledge of information security management system standards (e. g. SOC 2), frameworks, information technology regulatory and compliance requirements (e. g., PCI-DSS, GDPR, CCPA, HIPAA,), and industry best practices, particularly around TPRM.
  
• Performs focused risks assessments of existing or new services and technologies.
  
• Identifies and implements appropriate controls to effectively manage information risks as needed.
  
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
  
• Work closely with Information Security Architecture, Engineering, and relevant operational teams to gather data and insights leading to holistic risk security awareness.
  
• Conduct periodic internal assessments for security risk.
  
• Conduct ongoing research to keep current of latest security issues, threats, and technical capabilities.
  
• Perform other essential duties as assigned.
  

Desired Skills:

• Working knowledge of Third-Party Risk Management (TPRM) program tools, such as ProcessUnity/Prevalent.
  
• An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
  
• Knowledge of security and privacy frameworks (e.g., NIST CSF, 800-53, CIS CSC, COBIT, CCPA, HIPAA, ISO 27001/2).
  
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
  

Qualifications/Requirements:

• 8+ years of experience within large scale information security risk management programs.
  
• 8+ years of Information Technology and/or Information Security experience.
  

• Strong grasp of key elements for a successful Risk Management Program and related frameworks or standards (e. g. NIST, ISO, COBIT), particularly as it relates to running a Third-Party Risk Management (TPRM) program.
  

• Demonstrated knowledge of a broad range of technical concepts: logical access control, agile development process/DevSecOps, secure coding principles, security architecture frameworks and methods, information security, network security, and privacy.
  
• Experience with interpreting results of scanning and compliance tools such as Qualys/Nessus/Rapid7/Laceworks as it pertains to documenting information security risk(s).
  
• Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude.
  
• Excellent written and verbal communication skills and ability to interface with all levels of business and executive leadership.
  
• Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude.
  
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism.
  
• Demonstrated ability to troubleshoot complex problems and recommend appropriate actions.
  

License / Certificate (any of the following a plus):
CISSP, CISM, CIPP, GIAC, CRISC, CISA