Cyber Risk Lead- Security Control Assessor - Senior
Pyramid Systems, Inc. · United States · 2 days ago
RemoteRemoteManagement$107k/yrFull-time
About the role
This position requires extensive experience in Information Security Governance, Risk, and Compliance, with a focus on third-party risk management. The ideal candidate will have a proven track record in writing technical and risk management reports, conducting security reviews, and performing risk-based due diligence.
Responsibilities
- Writing technical and risk management reports
- Conducting independent comprehensive assessments of security controls
- Developing and implementing supportable and sustainable processes to manage third-party cyber risks
- Conducting security reviews, identifying gaps in security architecture, and developing a security risk management plan
- Performing risk analysis and security reviews
- Planning and conducting security authorization reviews and assurance case development
- Providing input to the Risk Management Framework process activities
- Ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
- Supporting necessary compliance activities
- Evaluating the effectiveness of security controls
- Managing client relationships and ensuring security practices are followed throughout the acquisition process
Requirements
- At least five (5) years of experience in Information Security Governance, Risk, and Compliance roles
- At least three (3) years of experience in third-party risk management
- One of the following certifications: CISSP, CISA, CTPRP, or CTPRA
- Experience in conducting security reviews and identifying security gaps
- Experience in developing and implementing processes to manage third-party cyber risks
- Experience in conducting security authorization reviews and assurance case development
- Experience in providing input to the Risk Management Framework process activities
- Experience in ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
- Experience in supporting necessary compliance activities
- Experience in evaluating the effectiveness of security controls
- Experience in managing client relationships and ensuring security practices are followed throughout the acquisition process
Qualifications
- Technical understanding of the cybersecurity landscape and working knowledge of common information security and privacy controls
- Strong analytical, problem-solving, and organizational skills
- Subject matter expertise in assessing and mitigating risks associated with vendor relationships
- Knowledge of common information security and privacy controls, guidelines, and standards such as ISO27001, SOC 1/2, NIST SP 800-53, and NIST SP 800-171
Skills
- Administrative planning activities
- Analysis of traffic to identify network devices
- Confidentiality, integrity, and availability principles
- Secure coding techniques
- Security controls
- Assessment of security controls based on cybersecurity principles and tenets
- Assessment of security systems designs
- Application vulnerability assessments
- Reviews of systems
- Resilience and dependability capabilities
- System performance monitoring
- Impact/risk assessments
- Target system analysis
- Preparing and presenting briefings
- Preparing plans and related correspondence
- Preparing Test & Evaluation reports
- Processing collected data for follow-on analysis
- Providing analysis to aid writing phased after action reports
- Recognizing and categorizing types of vulnerabilities and associated attacks
- Reviewing and editing assessment products
- Reviewing and editing plans
- Reviewing logs to identify evidence of past intrusions
- Tailoring analysis to the necessary levels
- Target network anomaly identification
- Technical writing
- Troubleshooting and diagnosing cyber defense infrastructure anomalies
- Using manpower and personnel IT systems
- Using security event correlation tools
- Using virtual machines
- Utilizing feedback to improve processes, products, and services
- Utilizing or developing learning activities
- Accessing information on current assets available, usage
- Accessing the databases where plans/directives/guidance are maintained
- Analyzing strategic guidance for issues requiring clarification and/or additional guidance
- Analyzing target or threat sources of strength and morale
- Developing a collection plan that clearly shows the discipline that can be used to collect the information needed
- Evaluating requests for information to determine if response information exists
- Extracting information from available tools and applications associated with collection requirements and collection operations management
Benefits
Not specified
Pay
Not specified
Schedule
Not specified