Cyber Security, Audit & Risk Analyst

Salary depends on experience
Posted on 09/21/17
5 - 7 years experience
Financial Services

Position summary & responsibilities:

The Cyber Security Audit & Risk Analyst (A&RA) is responsible for the planning, analysis and execution of key Cyber Security Audit & Risk business objectives or projects within agreed-upon time frames and quality standards.

  • The A&RA is responsible for coordinating and interfacing with Internal Audit and Systems Risk to assess different facets of the firm’s cybersecurity program.  
  • The A&RA will work closely with colleagues across Systems Infrastructure teams to provide information during multiple phases of an audit engagement, including the discovery, testing, and response phases.
  • The A&RA is responsible for providing a clearly articulated response to all audit issues/findings across a wide spectrum of systems security-related topics.
  • The A&RA will be responsible for creating/modifying process documents when necessary to implement enhancements required to address Audit & Risk issues.
  • Assist in the development of security project plans to address audit issues.
  • Maintain the status of open Audit issues, track and complete intermediate milestones, and ensure the final deliverable meets the target date and meets Audit’s expectations.
  • Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Work with ISM teams and Systems to monitor deployment, integration and initial configuration of all new security solutions.
  • Provide consultation to the business and Systems personnel on security policies and issues.


  • The A&RA should have a solid understanding of Cyber Risks and be able to understand applicable control framework to mitigate those risks.
  • College diploma or university degree in the field of Computer Science/Information Systems and/or 5-7 years equivalent work experience.
  • Extensive experience in enterprise security document creation.
  • Familiarity working within the financial industry with security best practices, FFIEC and ISO standards.
  • Extensive problem solving and organizational skills.
  • Strong written and verbal communication skills.
  • Ability to work with different systems (Infrastructure and Application) teams to deliver on Audit deliverables.
  • Pluses (beneficial, not required): Familiarity with the Systems Development Life-Cycle.
  • Certification Pluses: CISM, CISSP, CISA, CRISC

