Cyber Risk Analyst II / Risk Analyst II

Phoenix, AZ, United States

Cyber Risk Analyst II / Risk Analyst II

Job Locations

US-RI-Providence | US-OH-Cleveland | US-OH-Columbus | US-NY-Albany | US-FL-Jacksonville | US-WI-Milwaukee | US-FL-Orlando | US-AZ-Phoenix | US-PA-Pittsburgh | US-VA-Richmond | US-TX-San Antonio | ...

Requisition ID

2024-9154

Category

Information Technology

Overview

The Cyber Risk Analyst assists in enhancing our information security, information governance, privacy, compliance, and risk management procedures. This role will work with the GRC Manager and other team members to identify flaws and vulnerabilities in business and customer security systems to proactively develop solutions.

Responsibilities

Collaborates with business and engineering executives to identify and enhance existing control processes Evaluates internal control improvement opportunities

Administers audit and security GRC tools, such as ServiceNow, to document, maintain, and enhance controls

Administers third party risk management tools such as Bitsight

Maintains knowledge of key NIST controls and enhances IT controls and policies accordingly

Manages and maintains the controls of the IT audit program

Prepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing

Coordinates testing and validation of IT General Control (ITGC) processes for internal audit

Reviews auditor requests to ensure they are appropriately scoped and reasonable, and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submission

Partners with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures

Identifies and ranks the inventory of third parties that pose a risk to the organization

Collects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a control

Oversees the maturation of the third party risk management program through the development of standard operating procedures

Contributes to the design, creation, and maintenance of risk-based metrics

Leads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion

Qualifications

KEY COMPETENCIES

Communicate Effectively - Listen to understand and clearly convey information in all forms based on the audience to ensure shared meaning of the message.

Act Inclusively - Ensure that actions and behaviors are respectful; show empathy and treat others with dignity. Leverage capabilities and insights of individuals with diverse perspectives, abilities and motivation.

Solve Problems - Identify, prioritize and implement alternatives for a solution.

Demonstrate Agility/Adaptability - Maintain effectiveness and adjust to change by exploring the rationale, trying new approaches, and collaborating with others to make the change successful. Create an atmosphere of open-mindedness to change.

Drive for Results - Show passion and commitment while delivering on business outcomes. Create a sense of individual ownership and accountability.

Champion Innovation - Identify opportunities for new and improved ways of doing things that result in value added, unique and differentiated solutions.

EDUCATION

Bachelor's degree in computer science or a related field

3+ years' experience in governance, risk, and compliance and/or information security or audit

KNOWLEDGE, SKILLS & ABILITIES

Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controls

Expertise in complex business processes and technological risks

Deep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus software

Knowledge of penetration testing, network security, and common techniques to expose and correct security flaws

Advanced understanding of third-party risk management

Prior experience with third-party GRC and vendor management platforms

Superior verbal and written communication skills with technical and non-technical audiences at all organizational levels

Passion and dedication for improving security and compliance maturity in a significant way

Prior knowledge of NIST Special Publications 800-53 and 800-171 is preferred

Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

For Providence, RI this ranges from $79,000.00 - $110,000.00 plus benefits and retirement program.

For Arlington, VA and Boston, MA this ranges from $88,000.00- $120,000.00 plus benefits and retirement program.

Gilbane offers an excellent total compensation package which includes competitive health and welfare benefits and a generous profit-sharing/401k plan. We invest in our employees' education and have built Gilbane University into a top training organization in the construction industry. Qualified applicants who are offered a position must pass a pre-employment substance abuse test.

Gilbane is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, color, national origin, race, religion, sex, sexual orientation, gender identity, protected veteran status, or disability status.

Note to Recruiters, Placement Agencies, and Similar Organizations : Gilbane does not accept unsolicited resumes from agencies. Please do not forward unsolicited agency resumes to our jobs alias, website, or to any Gilbane employee. Gilbane will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of Gilbane and will be processed accordingly.

Need help finding the right job?

We can recommend jobs specifically for you!

Click here to get started.