Cyber Risk Analyst II / Risk Analyst II

Overview

The Cyber Risk Analyst assists in enhancing our information security, information governance, privacy, compliance, and risk management procedures. This role will work with the GRC Manager and other team members to identify flaws and vulnerabilities in business and customer security systems to proactively develop solutions.

Responsibilities

• Collaborates with business and engineering executives to identify and enhance existing control processes

• Evaluates internal control improvement opportunities

• Administers audit and security GRC tools, such as ServiceNow, to document, maintain, and enhance controls

• Administers third party risk management tools such as Bitsight

• Maintains knowledge of key NIST controls and enhances IT controls and policies accordingly

• Manages and maintains the controls of the IT audit program

• Prepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing

• Coordinates testing and validation of IT General Control (ITGC) processes for internal audit

• Reviews auditor requests to ensure they are appropriately scoped and reasonable, and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submission

• Partners with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures

• Identifies and ranks the inventory of third parties that pose a risk to the organization

• Collects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a control

• Oversees the maturation of the third party risk management program through the development of standard operating procedures

• Contributes to the design, creation, and maintenance of risk-based metrics

• Leads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion

Qualifications

KEY COMPETENCIES

• Communicate Effectively

• Listen to understand and clearly convey information in all forms based on the audience to ensure shared meaning of the message.

• Act Inclusively

• Ensure that actions and behaviors are respectful; show empathy and treat others with dignity. Leverage capabilities and insights of individuals with diverse perspectives, abilities and motivation.

• Solve Problems

• Identify, prioritize and implement alternatives for a solution.

• Demonstrate Agility/Adaptability

• Maintain effectiveness and adjust to change by exploring the rationale, trying new approaches, and collaborating with others to make the change successful. Create an atmosphere of open-mindedness to change.

• Drive for Results

• Show passion and commitment while delivering on business outcomes. Create a sense of individual ownership and accountability.

• Champion Innovation

• Identify opportunities for new and improved ways of doing things that result in value added, unique and differentiated solutions.

EDUCATION

• Bachelor's degree in computer science or a related field
• 3+ years' experience in governance, risk, and compliance and/or information security or audit

KNOWLEDGE, SKILLS & ABILITIES

• Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controls

• Expertise in complex business processes and technological risks

• Deep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus software

• Knowledge of penetration testing, network security, and common techniques to expose and correct security flaws

• Advanced understanding of third-party risk management

• Prior experience with third-party GRC and vendor management platforms

• Superior verbal and written communication skills with technical and non-technical audiences at all organizational levels

• Passion and dedication for improving security and compliance maturity in a significant way

• Prior knowledge of NIST Special Publications 800-53 and 800-171 is preferred

Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. For Providence, RI this ranges from $79,000.00 - $110,000.00 plus benefits and retirement program.For Arlington, VA and Boston, MA this ranges from $88,000.00- $120,000.00 plus benefits and retirement program.

Gilbane offers an excellent total compensation package which includes competitive health and welfare benefits and a generous profit-sharing/401k plan. We invest in our employees' education and have built Gilbane University into a top training organization in the construction industry. Qualified applicants who are offered a position must pass a pre-employment substance abuse test.

Gilbane is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, color, national origin, race, religion, sex, sexual orientation, gender identity, protected veteran status, or disability status.

Note to Recruiters, Placement Agencies, and Similar Organizations: Gilbane does not accept unsolicited resumes from agencies. Please do not forward unsolicited agency resumes to our jobs alias, website, or to any Gilbane employee. Gilbane will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered property of Gilbane and will be processed accordingly.