The Cyber Risk Analyst assists in enhancing our information security, information governance, privacy, compliance, and risk management procedures. This role will work with the GRC Manager and other team members to identify flaws and vulnerabilities in business and customer security systems to proactively develop solutions.
Responsibilities Collaborates with business and engineering executives to identify and enhance existing control processesEvaluates internal control improvement opportunitiesAdministers audit and security GRC tools, such as ServiceNow, to document, maintain, and enhance controlsAdministers third party risk management tools such as BitsightMaintains knowledge of key NIST controls and enhances IT controls and policies accordinglyManages and maintains the controls of the IT audit programPrepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testingCoordinates testing and validation of IT General Control (ITGC) processes for internal auditReviews auditor requests to ensure they are appropriately scoped and reasonable, and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submissionPartners with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented proceduresIdentifies and ranks the inventory of third parties that pose a risk to the organizationCollects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a controlOversees the maturation of the third party risk management program through the development of standard operating proceduresContributes to the design, creation, and maintenance of risk-based metricsLeads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion QualificationsKEY COMPETENCIES
Communicate Effectively - Listen to understand and clearly convey information in all forms based on the audience to ensure shared meaning of the message. Act Inclusively - Ensure that actions and behaviors are respectful; show empathy and treat others with dignity. Leverage capabilities and insights of individuals with diverse perspectives, abilities and motivation. Solve Problems - Identify, prioritize and implement alternatives for a solution. Demonstrate Agility/Adaptability - Maintain effectiveness and adjust to change by exploring the rationale, trying new approaches, and collaborating with others to make the change successful. Create an atmosphere of open-mindedness to change. Drive for Results - Show passion and commitment while delivering on business outcomes. Create a sense of individual ownership and accountability. Champion Innovation - Identify opportunities for new and improved ways of doing things that result in value added, unique and differentiated solutions.EDUCATION
Bachelor’s degree in computer science or a related field3+ years’ experience in governance, risk, and compliance and/or information security or auditKNOWLEDGE, SKILLS & ABILITIES
Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controlsExpertise in complex business processes and technological risksDeep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus softwareKnowledge of penetration testing, network security, and common techniques to expose and correct security flawsAdvanced understanding of third-party risk managementPrior experience with third-party GRC and vendor management platformsSuperior verbal and written communication skills with technical and non-technical audiences at all organizational levelsPassion and dedication for improving security and compliance maturity in a significant wayPrior knowledge of NIST Special Publications 800-53 and 800-171 is preferredSalary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.
For Providence, RI this ranges from $X88,200 - $121,300.00 plus benefits and retirement program.
For Arlington, VA and Boston, MA this ranges from $98,200.00- $135,000.00 plus benefits and retirement program.
Gilbane offers an excellent total compensation package which includes competitive health and welfare benefits and a generous profit-sharing/401k plan. We invest in our employees’ education and have built Gilbane University into a top training organization in the construction industry. Qualified applicants who are offered a position must pass a pre-employment substance abuse test.
Gilbane is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, color, national origin, race, religion, sex, sexual orientation, gender identity, protected veteran status, or disability status.
Note to Recruiters, Placement Agencies, and Similar Organizations: Gilbane does not accept unsolicited resumes from agencies. Please do not forward unsolicited agency resumes to our jobs alias, website, or to any Gilbane employee. Gilbane will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of Gilbane and will be processed accordingly.
Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Need help finding the right job? We can recommend jobs specifically for you! Click here to get started. Application FAQsSoftware Powered by iCIMS
www.icims.com