Title: Sr. Cybersecurity Risk Analyst
Duration: Contract - 12 months plus
Location: Remote (EST time zone)
Pay Range: $75 - 85 hr
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.

Job Overview:
The cybersecurity risk assessor is a subject matter expert (SME) who works as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies and methodologies. As a risk assessment SME, the individual continually evaluates risk exposure and tolerance as defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership.
Cybersecurity risk assessors report continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business. The cybersecurity risk assessor focuses on risks within internal and business-controlled areas of security, technology and business processes, as well as third-party risk. The ideal candidate is business-minded, with three to five years of experience in technology and security administration or security risk management. Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.
Responsibilities and Duties:

1. Execute Risk Assessments:
   • Perform risk analysis based on observations such as interviews, documentation review, and technical assessments.
   • Areas of focus include, but are not limited to exception process, in-production information resources, and pre-launch projects.
   • Review and document where security controls are adequate or require improvement, defining what the actual risk is to the organization from those short comings.
   • Assess and define the risks from project and non-project based assignments. Analyze risk in people, process, and technology.
2. Liaise with Other Parts of the Company as Related to Risk:
   • Work with partners in Information and Cyber Security, Privacy, Compliance, Third Party Risk Management, IT and OT practitioners, and Internal Audit, across the enterprise.
3. Drive Remediation of Security Gaps to Reduce Risk Levels:
   • Work with business owners to create treatment plans to address risk drivers.
   • Produce bowtie model scenarios for risks to help simplify risk assessment and support business understanding of the risks, drivers, and associated potential impacts.
   • Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.
4. Evaluate Existing Program:
   • Evaluate and make improvements to increase efficiency and effectiveness.
   • Linkage to NIST CSF, utilization of the bowtie model, and mappings to other risk methodologies/models such as COBIT, existing Control Library and Metadata, Risk Heat Map, and process.

Qualifications:

• 3-5 Years of Experience conducting risk assessments, recognizing the differences between risk analysis and compliance assessments.
• Proven familiarity with network and host configurations, application security, cloud services, third-party risk ma nagement and role-based access.
• Understanding of vulnerability and configuration management, and familiarity with a variety of technologies and applications.
• Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of service design, delivery concepts and control frameworks.
• Organized, with the ability to prioritize and complete tasks within defined SLAs.
• Excellent judgment and the ability to work in complex situations.
• Certifications: Preferable, but not required, is one or more of the following: CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP..

Contract Duration: The initial contract duration is 12 months, with the possibility of extension based on project requirements and performance.

#LI-CRG

#LI-Remote

Our benefits package includes:

• Comprehensive medical benefits
• Competitive pay, 401(k)
• Retirement plan
• ...and much more!

About INSPYR Solutions

Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.

24-01690