Contract - Senior Cyber Risk Management Analyst

Rate: Open

Location: Remote

Duration: 1 year

Qualifications

• Bachelor's degree
• Minimum 5-8 years of experience in cyber security, compliance, cyber risk assessment, or security auditing.
• Working knowledge of NIST 800-53, NIST 800-171, and FedRamp.
• Demonstrated experience assessing both on-premises and cloud-based cyber risk management controls (Azure and Oracle Cloud Infrastructure)
• Familiarity with technology management methodologies (DevOps, SAFe, ITIL)
• Expertise in multiple cyber risk management domains
• Understanding of cyber risk management oversight and administration processes, security architecture, technical security controls, and data protection strategies.
• Excellent communication and report-writing abilities.
• Ability to work independently and lead cyber risk management assessments.
• Strong understanding of regulatory compliance and risk management principles.

Responsibilities

• Cyber Risk Management Capability Assessments: Conduct in-depth assessments of the effectiveness of cyber risk management capabilities within the organization.
• Gap Analysis: Identify gaps in cyber risk management capability effectiveness and provide recommendations for enhancing the organization's cyber risk management posture.
• Documentation & Reporting: Develop detailed reports and documentation on assessment findings, remediation plans, and effective metrics.
• Stakeholder Collaboration: Work closely with cyber risk management, technology, and business partners to ensure that cyber risk management capabilities are effective.
• Compliance, Standards, and Regulatory Alignment: Ensure adherence to regulatory and industry standard requirements such as NIST 800-53, SOC 2, 23 NYCRR 500, NAIC Model Law, and HIPAA, by harmonizing those requirement sets to the enterprise cyber risk management requirement framework. As regulations and standards are introduced and updated, enhance and extend the framework.