Jobs · Management

Cyber Risk Lead- Security Control Assessor - Senior

Pyramid Systems, Inc. · United States · 2 days ago
RemoteRemoteManagement$107k/yrFull-time

About the role

This position requires extensive experience in Information Security Governance, Risk, and Compliance, with a focus on third-party risk management. The ideal candidate will have a proven track record in writing technical and risk management reports, conducting security reviews, and performing risk-based due diligence.

Responsibilities

  • Writing technical and risk management reports
  • Conducting independent comprehensive assessments of security controls
  • Developing and implementing supportable and sustainable processes to manage third-party cyber risks
  • Conducting security reviews, identifying gaps in security architecture, and developing a security risk management plan
  • Performing risk analysis and security reviews
  • Planning and conducting security authorization reviews and assurance case development
  • Providing input to the Risk Management Framework process activities
  • Ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
  • Supporting necessary compliance activities
  • Evaluating the effectiveness of security controls
  • Managing client relationships and ensuring security practices are followed throughout the acquisition process

Requirements

  • At least five (5) years of experience in Information Security Governance, Risk, and Compliance roles
  • At least three (3) years of experience in third-party risk management
  • One of the following certifications: CISSP, CISA, CTPRP, or CTPRA
  • Experience in conducting security reviews and identifying security gaps
  • Experience in developing and implementing processes to manage third-party cyber risks
  • Experience in conducting security authorization reviews and assurance case development
  • Experience in providing input to the Risk Management Framework process activities
  • Experience in ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
  • Experience in supporting necessary compliance activities
  • Experience in evaluating the effectiveness of security controls
  • Experience in managing client relationships and ensuring security practices are followed throughout the acquisition process

Qualifications

  • Technical understanding of the cybersecurity landscape and working knowledge of common information security and privacy controls
  • Strong analytical, problem-solving, and organizational skills
  • Subject matter expertise in assessing and mitigating risks associated with vendor relationships
  • Knowledge of common information security and privacy controls, guidelines, and standards such as ISO27001, SOC 1/2, NIST SP 800-53, and NIST SP 800-171

Skills

  • Administrative planning activities
  • Analysis of traffic to identify network devices
  • Confidentiality, integrity, and availability principles
  • Secure coding techniques
  • Security controls
  • Assessment of security controls based on cybersecurity principles and tenets
  • Assessment of security systems designs
  • Application vulnerability assessments
  • Reviews of systems
  • Resilience and dependability capabilities
  • System performance monitoring
  • Impact/risk assessments
  • Target system analysis
  • Preparing and presenting briefings
  • Preparing plans and related correspondence
  • Preparing Test & Evaluation reports
  • Processing collected data for follow-on analysis
  • Providing analysis to aid writing phased after action reports
  • Recognizing and categorizing types of vulnerabilities and associated attacks
  • Reviewing and editing assessment products
  • Reviewing and editing plans
  • Reviewing logs to identify evidence of past intrusions
  • Tailoring analysis to the necessary levels
  • Target network anomaly identification
  • Technical writing
  • Troubleshooting and diagnosing cyber defense infrastructure anomalies
  • Using manpower and personnel IT systems
  • Using security event correlation tools
  • Using virtual machines
  • Utilizing feedback to improve processes, products, and services
  • Utilizing or developing learning activities
  • Accessing information on current assets available, usage
  • Accessing the databases where plans/directives/guidance are maintained
  • Analyzing strategic guidance for issues requiring clarification and/or additional guidance
  • Analyzing target or threat sources of strength and morale
  • Developing a collection plan that clearly shows the discipline that can be used to collect the information needed
  • Evaluating requests for information to determine if response information exists
  • Extracting information from available tools and applications associated with collection requirements and collection operations management

Benefits

Not specified

Pay

Not specified

Schedule

Not specified

Similar jobs

Senior Cyber Lead

Tyto Athene, LLCLinthicum Heights, MD· 1 mo ago
Information Technologyapply on careers-gotyto.icims.com