Senior Cyber Risk Management Engineer - Audit GRC

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Request Technology

NO SPONSORSHIP

RATE:
Open

DURATION: ABOUT ONE YEAR

LOCATION:

REMOTE

Job Description:

The Senior Cyber Risk Management Capability Assessor will evaluate the effectiveness and conduct risk assessments of cyber risk management capabilities, including policies, processes, and technical capabilities, leveraging enterprise cyber risk management requirement and control framework. This role involves significant work around issue management and Plan of Action and Milestones (POAM), supports SOC 1/2 Type 2 audits by external auditors, and prepares materials to support attestations for NAIC model laws and 23 NYCRR 500.

Responsibilities:

• Cyber Risk Management Capability Assessments:
  Conduct thorough assessments of the effectiveness of cyber risk management capabilities within the organization.
• Gap Analysis:
  Identify gaps in cyber risk management capability effectiveness and provide recommendations for enhancing the organization's cyber risk management posture.
• Issue Management & POAM:
  Manage issues and develop Plan of Action and Milestones (POAM) to address identified gaps and vulnerabilities.
• Documentation & Reporting:
  Develop detailed reports and documentation on assessment findings, remediation plans, and effectiveness metrics.
• Stakeholder
  
  Collaboration:
  
  Work closely with cyber risk management, technology, and business partners to ensure that cyber risk management capabilities are effective.
• Compliance, Standards, and Regulatory Alignment:
  Ensure adherence to regulatory and industry standard requirements such as NIST 800-53, SOC 2, 23 NYCRR 500, NAIC Model Law, and HIPAA. As regulations and standards are introduced and updated, assist in enhancing and extending the framework.
• Audit Support:
  Support the performance of SOC 2 audits by external auditors and prepare materials to support attestations with NAIC model laws and NYDFS.

Education:

• Bachelors degree in Cybersecurity, Information Security, Computer Science, or a related field.
• Certifications (Preferred): CISSP, CISA, CISM, CRISC, CAP, Security+, or equivalent.

Experience:

• Minimum 3-5 years of experience in cyber security, compliance, cyber risk assessment, or security auditing.

Technical Expertise:

• Working knowledge of NIST 800-53.
• Basic knowledge of cloud-based cyber risk management controls (Azure and/or Oracle Cloud Infrastructure).
• Familiarity with technology management methodologies (Dev Ops, SAFe, ITIL).
• Proficiency in multiple cyber risk management domains.
• Understanding of cyber risk management oversight and administration processes, security architecture, technical security controls, and data protection strategies.

• Not Applicable

• Contract

• Information Technology

• Insurance