Contract - Senior Cyber Risk Engineer

Rate: Open

Location: Remote

Duration: 1 year

Qualifications

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.
• Certifications (Preferred): CISSP, CISA, CISM, CRISC, CAP, Security+, or equivalent.
• 5+ years of experience in cyber security, compliance, cyber risk assessment, or security auditing.
• Working knowledge of NIST 800-53.
• Proficient in supporting the performance of SOC 2 audits by external auditors and prepare materials to support attestations with NAIC model laws and NYDFS.
• Cloud-based cyber risk management controls (Azure and/or Oracle Cloud Infrastructure).
• Technology management methodologies (DevOps, SAFe, ITIL).
• Proficiency in multiple cyber risk management domains.
• Understanding of cyber risk management oversight and administration processes, security architecture, technical security controls, and data protection strategies.

Responsibilities

• Cyber Risk Management Capability Assessments: Conduct thorough assessments of the effectiveness of cyber risk management capabilities within the organization.
• Gap Analysis: Identify gaps in cyber risk management capability effectiveness and provide recommendations for enhancing the organization's cyber risk management posture.
• Issue Management & POAM: Manage issues and develop Plan of Action and Milestones (POAM) to address identified gaps and vulnerabilities.
• Documentation & Reporting: Develop detailed reports and documentation on assessment findings, remediation plans, and effective metrics.
• Stakeholder Collaboration: Work closely with cyber risk management, technology, and business partners to ensure that cyber risk management capabilities are effective.
• Compliance, Standards, and Regulatory Alignment: Ensure adherence to regulatory and industry standard requirements such as NIST 800-53, SOC 2, 23 NYCRR 500, NAIC Model Law, and HIPAA. As regulations and standards are introduced and updated, assist in enhancing and extending the framework.