Our direct client is looking for a Senior Cybersecurity Risk Analyst in Trenton, NJ.
- Conduct risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects and third parties, using NIST 800-53, NIST CSF, CJIS, HIPAA, CSA, OWASP, IRS Publication 1075, state policies and standards, and/or other appropriate information security control frameworks
- Prepare risk assessment reports to support management action, escalation and risk acceptance processes resulting from risk assessments
- Identify opportunities to improve risk posture, proposing solutions for remediating or mitigating risks and assessing the residual risk
- Manage relationships with security, technology, key business stakeholders and third parties to identify and communicate security risks and mitigation approaches
- Assist in the development of the NJCCIC's information security risk assessment capabilities, policy development and maintenance, and exception management
- Provide guidance and education across the Executive Branch on technology security and compliance requirements according to statutory, regulatory, and contractual requirements, policies and standards, and information security classification.
- Conduct information security assessments
- Provide notification of updated controls requirements to information technology and security teams and other relevant stakeholders due to legal, regulatory, and state policy and standards updates.
- Provide consultation on information security regulations and standards, such as PCI DSS, HIPAA, or NIST, to various audiences.
- Facilitate the exception management process by tracking exceptions, evaluating associated risks in collaboration with other information technology and security staff, and coordinating communication with the risk owner.
- Assist with development and maintenance of information security policies, procedures, standards and guidelines
- Assist with developing and enhancing the GRC tool to support risk assessments across all Executive Branch departments and agencies
- Provide subject matter expertise, leadership and coordination for Cybersecurity Risk Assessments
- Act as liaison with external auditors and vendors who support security and privacy maturity development
- Assist with incident response activities as appropriate
- Mentor and train other employees to improve their skills and effectiveness
- Other information security duties as assigned.
- Demonstrated technical knowledge and proficiency with systems and network architectures, engineering, and administration
- Proven experience performing risk assessments to identify, assess, and measure information security risks for systems, facilities, networks, projects and third parties
- Demonstrated experience preparing risk assessment reports to support management action, escalation and risk acceptance processes resulting from risk assessments
- Demonstrable knowledge and experience with NIST 800-53, NIST CSF, CSA, OWASP, CIS Top 20, PCI-DSS, HIPAA
- Proven ability to perform infrastructure and application vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
- Ability to communicate clearly and concisely with technical and non-technical cross-functional teams; written, verbal, presentation, and interpersonal skills
- Experience reviewing third-party security reports (SSAE 16 SOC 1 and SOC 2 reports, penetration testing reports, SIG questionnaires) against industry security standards (CSA, NIST, CIS, OWASP) as part of an overall vendor management program
- Ability to weigh business needs against risk concerns and articulate issues to management
- Experience with, or certification in the use of, GRC tools such as Archer.
- Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, and Visio
- Excellent communication, report writing and presentation skills
- Ability to manage multiple projects, priorities and deadlines
- Ability to mentor other employees to improve their skills and effectiveness.
- Demonstrated initiative, customer orientation, and team work competencies
- Adaptability, flexibility and ability to work as part of a team or in an individual capacity
- Ability to handle and maintain the integrity and confidentiality of highly sensitive material and information
- A minimum of five (5) years of information security experience, including audits, controls, risk assessments, and remediation management
- Relevant security certifications preferred (e.g., CISSP, CISA, CISM)
- Bachelor's degree in computer science, engineering, information security, or an equivalent combination of education, training, and experience.
(1) Has the candidate ever worked for the Client (Government of the State of NJ)? If yes, please provide: Agency Name, Start and End Date, Capacity in which the candidate worked, Reason for finishing work with the agency, Manager Name and Phone Number.
(2) Client will perform Fingerprinting and a Full State and Federal Background Check. Is the candidate's background check clear?
Location: Trenton, NJ