Cybersecurity Senior Risk Analyst / NYC
Cybersecurity Senior Risk Analyst Work Location: NYC Hybrid: Work location (15 MTC, 16th Floor) & Remote Tuesdays & Fridays (3 days in office/2 days remote) Duration: 2 Years SCOPE OF SERVICES TASKS: Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City; Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise; Work with stakeholders across various divisions, soliciting input and working through feedback; Evaluate risk of third parties used by New York City agencies; Document and track remediation of risks in the Risk Register; Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies; Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines; Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary; Engage in communications with NYC Agencies; Handle special projects and initiatives as assigned.
MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.DESIRABLE SKILLS/EXPERIENCE: BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field. One or more of the following certifications are a plus: Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) CompTIA Security+ CompTIA Network+ CompTIA A+ CompTIA CySA+ Cisco Certified Network Associate - CCNA CEH: Certified Ethical Hacker GIAC Information Security Fundamentals (GISF) GIAC Security Essentials (GSEC) (ISC)2 Systems Security Certified Practitioner (SSCP) Ability to work effectively in a team environment.
Being highly organized, motivated and a self-directed professional. Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services. Understanding of commonly used computer operating systems, databases, network structures.Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS) Investigative and analytical skills. Excellent oral and written communication skills; Knowledge of the current and evolving cyber threat landscape; Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;