Cyber Security, Audit & Risk Analyst
Position summary & responsibilities:
The Cyber Security Audit & Risk Analyst (A&RA) is responsible for the planning, analysis and execution of key Cyber Security Audit & Risk business objectives or projects within agreed-upon time frames and quality standards.
- The A&RA is responsible for coordinating and interfacing with Internal Audit and Systems Risk to assess different facets of the firm’s cybersecurity program.
- The A&RA will work closely with colleagues around Systems Infrastructure teams in order to provide information during multiple phases of an audit engagement including the discovery, testing, and response phases.
- The A&RA is responsible for providing a clearly articulated response to all audit issues/findings across a wide spectrum of systems security-related topics.
- The A&RA will be responsible for creating/modifying process documents when necessary to address enhancements required to address Audit & Risk issues.
- Assist in the development of security project plans to address audit issues.
- Maintain the status of open Audit issues, track and complete intermediate milestones, and ensure the final deliverable meets the target date and meets Audit’s expectations.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Work with ISM teams and Systems to monitor deployment, integration and initial configuration of all new security solutions.
- Provide consultation to the business and Systems personnel on security policies and issues.
- The A&RA should have a solid understanding of Cyber Risks and be able to understand applicable control framework to mitigate those risks.
- College diploma or university degree in the field of computer science/Information Systems and/or 5-7 years equivalent work experience.
- Extensive experience in enterprise security document creation.
- Familiarity working within the financial industry with security best practices, FFIEC and ISO standards.
- Extensive problem solving and organizational skills.
- Strong written and verbal communication skills.
- Ability to work with different systems (Infrastructure and Application) teams to deliver on Audit deliverables.
- Pluses (beneficial, not required): Familiarity with the Systems Development Life-Cycle.
- Certification Pluses: CISM, CISSP, CISA, CRISC