Position: Cyber Risk Assessment Analyst
Type: Contract, 6-12 months initial duration
Location: Remote
Must-Have Skills/Experience:
Job Requirements
Conduct cybersecurity risk assessments on assigned existing implementations and emerging technologies, applications, services, critical processes, and scenarios as appropriate.
Evaluate risks and ensure compliance with documented corporate Cybersecurity Policies, Standards, and Requirements.
Use the already provided risk assessment templates, including NIST Cybersecurity Framework (CSF) based questionnaires, in risk assessments.
Support as needed the third-party vendor/supplier risk assessment program.
Support as needed unscheduled but priority cybersecurity risk assessment requests specific to ad-hoc requests from business stakeholders.
Manage interviews with subject matter experts and communicate clearly over email for follow-up information.
Demonstrated ability to understand business processes and how they align with internal cybersecurity policies and any impacting regulatory requirements.
Evaluate already existing collateral (e.g., 3rd party external certifications) as part of assessing the subject.
Identify all control gaps and potential remediation steps discovered during assessment.
Gain alignment with business stakeholders on remediation plans, due dates, and owners and, upon completion of the assessment, document risk in a central risk register.
Provide executive level management read-out of risk assessment and findings to stakeholders, in clear terms for non-technical stakeholders.
Review internal policies, procedures, and standards to validate that management directives have been appropriately captured and formalized to mitigate risks and achieve compliance and reporting objectives.
Provide feedback loop to Cybersecurity management on any weaknesses or inadequacies of current Cybersecurity Policies discovered as part of assessments.
Suggest process improvements for overall cybersecurity risk assessment processes and documents.
Qualifications
University / bachelor’s degree in information systems, Cybersecurity, or a related field.
Minimum of 3 years of relevant experience in cybersecurity risk assessments and/or Cybersecurity related audits.
Previous experience and familiarity with cybersecurity industry standards and frameworks, including NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001 and PCI DSS.
Security certification such as CISSP, CRISC, CISM, CISA or GIAC beneficial.
Exceptional analytical and critical thinking skills.
Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner with stakeholders.
Effective communication skills, including the ability to gather relevant data and information, connect through listening, dialogue freely, and verbalize ideas effectively.
Proven presentation, interviewing and facilitation skills.
Regards,
Vinay Kumar Tripathi
Technical Recruiter
Teknotrain Inc.
Ashburn, VA