Senior Cyber Security Risk Analyst - 1977425
Buffalo, New York
Employer: Lighthouse Technology Services
Salary: $60 - $75 per hour
Job type: Full-Time
*Remote Contract Opportunity*
Lighthouse Technology Services is partnering with our client to fill their Senior Cyber Security Risk Analyst role! This is a 12 month contract opportunity and can be remote in the United States. This role will be a W2 employee of Lighthouse Technology Services.
This role supports a Cybersecurity risk management and governance practice focused on Cybersecurity risk assessments, First Line of Defense and controls testing strategy, development and maintenance of Cybersecurity policies and standards, evaluation of Cybersecurity legal and regulatory requirements, development and execution of the Cybersecurity awareness program, and/or development and execution of the Cybersecurity Risk Management Program.
What You'll Be Doing:
•Maintain current knowledge of the Cybersecurity and Risk management policies, standards and procedures as well as industry best practices and proposed new guidelines and regulations.
•Identify and evaluate Cybersecurity risk to the business and drive development of strategies to mitigate identified risks based on diverse factors including the organization's overall risk appetite and tolerance.
•Provide current data for key risk indicators (KRIs) and key performance indicators (KPIs). Present results to risk committees. Review current KRIs and KPIs, recommend enhancements to management and present recommendations to risk committees.
•Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite. Identify risk-related issues needing escalation to management.
•Maintain internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
•This role is used in one or more of the following ways:
•Risk Assessment - Design and develop Cybersecurity risk assessments based on subject matter expertise and industry best practices. Execute risk assessments, analyze results, recommend and implement remediation plans to address defined risks. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document controls associated with identified risks.
•Controls Testing Design - Develop, document and maintain the Cybersecurity controls testing program and plan. Confirm the program aligns with Cybersecurity policies and standards, Risk Management policies and regulatory requirements.
•Policy and Standards - Research, recommend, and develop new Cybersecurity policies and standards based on the strategic direction and aligned with legal and regulatory requirements and industry best practices. Present recommendations to area management and various risk committees for approval. Update and enhance existing Cybersecurity policies and standards as needed.
•Regulatory - Review assigned regulatory notifications to identify impact to the organization. Discuss results with stakeholders and develop recommendations along with associated action plans to address gaps. Summarize results, recommendations and action plans and present to management and various risk committees. Lead efforts to address action plans.
•Risk Management Program - Design and develop the Cybersecurity Risk Management program, ensure proper alignment with policies and procedures. Analyze program results, recommend enhancements. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document key risks and controls.
What You'll Need To Have:
•Associate's degree and a minimum of 7 years of relevant work experience, or in lieu of a degree, a combined minimum of 9 years of higher education and/or work experience, including a minimum of 7 years of relevant work experience.
•Knowledge of IAM governance framework that aligns with industry best practices, regulatory requirements, and organizational policies.
•Working knowledge of Role-Based Access Control (RBAC) models, mapping roles and responsibilities to access privileges, segregation of duties (SoD) and least privilege principles, and enterprise-level IDAM methodologies.
•Excellent knowledge of Cybersecurity principles relevant to confidentiality, integrity, availability, authentication and non-repudiation.
•Proven ability facilitating targeted discussions with peers, line managers and senior management within the business unit.
•Excellent ability to discern protection needs (i.e., security controls) of information systems and networks.
•Proven ability to design and develop effective risk management processes (e.g., methods for assessing and mitigating risk).
•Experience recognizing vulnerabilities in security systems.
•Excellent ability designing valid and reliable assessments.
•Experience anticipating new security threats.
•Certified Information Systems Security Professional (CISSP) or Certified Risk and Information Systems Control (CRISC) certification, or a Cybersecurity domain-related certification, preferred.
Pay Range: $60-75/hr +
Questions about any of our jobs? Email us at recruiting@lhtservices.com
View all of our open jobs here: jobs.lhtservices.com
Created: 2024-05-05
Reference: OTMyNC1oN3ducWFtcGd5dDY4cmxt
Country: United States
State: New York
City: Buffalo
ZIP: 14208