Security Risk Analyst
Location: New York City
Due to tremendous growth, Essextec is looking to hire a full-time Security Risk Analyst for its New York office. The primary responsibility will be to support the IT Governance, Risk, and Compliance initiatives, including all existing and new regulatory, legal, internal audit, and best practice initiatives. You will also be responsible for performing consulting services around the testing of internal Security and IT Risk controls, gathering documentation or evidence, and reporting on the results.
The ideal professional will be able to work in new and/or existing client environments to identify new opportunities for Risk Management and Cybersecurity professional services engagements. Other aspects of the role include the information sharing and gathering process for third-party audits, reviews, and internal risk assessments. Additionally, you will perform and/or oversee detailed client assessments to ensure compliance with defined policies, standards, and guidelines. Upon completion of reviews, you will make recommendations and/or be directly involved in addressing gaps or developing remediation plans.
Responsibilities:
- Assist in the development and communication of IT Compliance standards and guidelines; provide input into corporate-wide policies and processes
- Conduct detailed reviews of the IT Standards compliance for clients as needed
- Perform reviews of related IT Compliance documentation, procedures, and controls, including creating work papers and making recommendations for remediation
- Ensure that issues and findings across all compliance-related activities are documented and tracked for remediation, either by facilitating discussions or by being directly involved in the process
- Collaborate on issue and remediation planning for a broad set of IT-related issues: disaster recovery, security risks, regulatory requirements, data protection, user access, etc.
- Review and analyze applicable laws and regulations at the national, state, and international level
- Report issues or deficiencies found during testing and track the associated remediation plans across companies and/or departments
- Work both independently and across teams or entities to collect or distribute important information on processes, procedures, guidelines, etc.
- Serve as a subject matter expert on key internal controls, procedures, and workflows
Qualifications:
- 3+ years of Cybersecurity and IT Risk experience with regulatory, internal audit, and/or compliance testing, including the development of remediation activities or steps
- Experience with development of General Controls and/or IT Compliance related standards
- Working knowledge of, and exposure to, IT Governance, Risk Management, and Compliance practices
- Client-facing presentation and communication skills are a must
- Working knowledge and understanding of the NIST, HIPAA, PCI, and ISO 27001 frameworks. Proven ability to apply them to internal IT controls for the purpose of passing internal audits is a strong plus. GDPR or CCPA experience is a strong plus
- Security+, CISA, and/or CRISC certifications are considered a strong plus; CISSP or CISA preferred
- Proven ability to prioritize workload, work effectively on concurrent tasks, and be able to meet project deadlines
- Proven ability to facilitate meetings or discussions with internal and external personnel to determine action items and completion dates
- Business development or pre-sales experience is a strong plus
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.