Gilbane Building Company Albany , NY 12201
Posted 2 weeks ago
Overview
The Cyber Risk Analyst assists in enhancing our information security, information governance, privacy, compliance, and risk management procedures. This role will work with the GRC Manager and other team members to identify flaws and vulnerabilities in business and customer security systems to proactively develop solutions.
Responsibilities
Collaborates with business and engineering executives to identify and enhance existing control processes
Evaluates internal control improvement opportunities
Administers audit and security GRC tools, such as ServiceNow, to document, maintain, and enhance controls
Administers third party risk management tools such as Bitsight
Maintains knowledge of key NIST controls and enhances IT controls and policies accordingly
Manages and maintains the controls of the IT audit program
Prepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing
Coordinates testing and validation of IT General Control (ITGC) processes for internal audit
Reviews auditor requests to ensure they are appropriately scoped and reasonable, and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submission
Partners with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures
Identifies and ranks the inventory of third parties that pose a risk to the organization
Collects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a control
Oversees the maturation of the third party risk management program through the development of standard operating procedures
Contributes to the design, creation, and maintenance of risk-based metrics
Leads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion
Qualifications
KEY COMPETENCIES
EDUCATION
KNOWLEDGE, SKILLS & ABILITIES
Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controls
Expertise in complex business processes and technological risks
Deep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus software
Knowledge of penetration testing, network security, and common techniques to expose and correct security flaws
Advanced understanding of third-party risk management
Prior experience with third-party GRC and vendor management platforms
Superior verbal and written communication skills with technical and non-technical audiences at all organizational levels
Passion and dedication for improving security and compliance maturity in a significant way
Prior knowledge of NIST Special Publications 800-53 and 800-171 is preferred
Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. For Providence, RI this ranges from $79,000.00 - $110,000.00 plus benefits and retirement program.For Arlington, VA and Boston, MA this ranges from $88,000.00- $120,000.00 plus benefits and retirement program.
Gilbane offers an excellent total compensation package which includes competitive health and welfare benefits and a generous profit-sharing/401k plan. We invest in our employees' education and have built Gilbane University into a top training organization in the construction industry. Qualified applicants who are offered a position must pass a pre-employment substance abuse test.
Gilbane is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, color, national origin, race, religion, sex, sexual orientation, gender identity, protected veteran status, or disability status.
Note to Recruiters, Placement Agencies, and Similar Organizations: Gilbane does not accept unsolicited resumes from agencies. Please do not forward unsolicited agency resumes to our jobs alias, website, or to any Gilbane employee. Gilbane will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of Gilbane and will be processed accordingly.
Gilbane Building Company