Cyber Risk Analyst II / Risk Analyst II
Columbus, OH, United States
Cyber Risk Analyst II / Risk Analyst II
Job Locations
US-RI-Providence | US-OH-Cleveland | US-OH-Columbus | US-NY-Albany | US-FL-Jacksonville | US-WI-Milwaukee | US-FL-Orlando | US-AZ-Phoenix | US-PA-Pittsburgh | US-VA-Richmond | US-TX-San Antonio | ...
Requisition ID
2024-9154
Category
Information Technology
Overview
The Cyber Risk Analyst assists in enhancing our information security, information governance, privacy, compliance, and risk management procedures. This role will work with the GRC Manager and other team members to identify flaws and vulnerabilities in business and customer security systems to proactively develop solutions.
Responsibilities
Collaborates with business and engineering executives to identify and enhance existing control processes Evaluates internal control improvement opportunities
Administers audit and security GRC tools, such as ServiceNow, to document, maintain, and enhance controls
Administers third party risk management tools such as Bitsight
Maintains knowledge of key NIST controls and enhances IT controls and policies accordingly
Manages and maintains the controls of the IT audit program
Prepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing
Coordinates testing and validation of IT General Control (ITGC) processes for internal audit
Reviews auditor requests to ensure they are appropriately scoped and reasonable, and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submission
Partners with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures
Identifies and ranks the inventory of third parties that pose a risk to the organization
Collects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a control
Oversees the maturation of the third party risk management program through the development of standard operating procedures
Contributes to the design, creation, and maintenance of risk-based metrics
Leads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion
Qualifications
KEY COMPETENCIES
Communicate Effectively - Listen to understand and clearly convey information in all forms based on the audience to ensure shared meaning of the message.
Act Inclusively - Ensure that actions and behaviors are respectful; show empathy and treat others with dignity. Leverage capabilities and insights of individuals with diverse perspectives, abilities and motivation.
Solve Problems - Identify, prioritize and implement alternatives for a solution.
Demonstrate Agility/Adaptability - Maintain effectiveness and adjust to change by exploring the rationale, trying new approaches, and collaborating with others to make the change successful. Create an atmosphere of open-mindedness to change.
Drive for Results - Show passion and commitment while delivering on business outcomes. Create a sense of individual ownership and accountability.
Champion Innovation - Identify opportunities for new and improved ways of doing things that result in value added, unique and differentiated solutions.
EDUCATION
Bachelor's degree in computer science or a related field
3+ years' experience in governance, risk, and compliance and/or information security or audit
KNOWLEDGE, SKILLS & ABILITIES
Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controls
Expertise in complex business processes and technological risks
Deep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus software
Knowledge of penetration testing, network security, and common techniques to expose and correct security flaws
Advanced understanding of third-party risk management
Prior experience with third-party GRC and vendor management platforms
Superior verbal and written communication skills with technical and non-technical audiences at all organizational levels
Passion and dedication for improving security and compliance maturity in a significant way
Prior knowledge of NIST Special Publications 800-53 and 800-171 is preferred
Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.
For Providence, RI this ranges from $X88,200 - $121,300.00 plus benefits and retirement program.
For Arlington, VA and Boston, MA this ranges from $98,200.00- $135,000.00 plus benefits and retirement program.
Gilbane offers an excellent total compensation package which includes competitive health and welfare benefits and a generous profit-sharing/401k plan. We invest in our employees' education and have built Gilbane University into a top training organization in the construction industry. Qualified applicants who are offered a position must pass a pre-employment substance abuse test.
Gilbane is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, color, national origin, race, religion, sex, sexual orientation, gender identity, protected veteran status, or disability status.
Note to Recruiters, Placement Agencies, and Similar Organizations : Gilbane does not accept unsolicited resumes from agencies. Please do not forward unsolicited agency resumes to our jobs alias, website, or to any Gilbane employee. Gilbane will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of Gilbane and will be processed accordingly.
Need help finding the right job?
We can recommend jobs specifically for you!
Click here to get started.