Senior Analyst, Cybersecurity/IT Control Design and Monitoring
About the role
As a Senior Analyst, Cybersecurity/IT Control Design and Monitoring, you will help ensure controls are designed and monitored in alignment with policies. You will partner across Cybersecurity, Technology, Risk Management, and Internal Audit to design controls, evaluate control performance through data-driven assurance, and drive timely remediation of control gaps.
Responsibilities
- Engage in new projects (Tech Governance process) to ensure the appropriate controls are designed and implemented to meet policies, including as appropriate those related to Key Financial Systems (KFS).
- Partner with internal audit Model Audit Rule team and risk team to ensure controls designs are appropriate.
- Perform initial validation of designed controls to ensure they are operating effectively prior to go-live.
- Cyber Control Monitoring & Self-Assessment: Contribute to the implementation and day-to-day operations of the first line information security continuous control monitoring program.
- Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions.
- In partnership with 2nd line, maintain a control inventory and control-to-evidence mapping aligned to internal policy and external frameworks; ensure controls have clear owners, descriptions, and measurable success criteria.
- Identify coverage gaps, control weaknesses, and emerging risks through ongoing monitoring, and drive changes to the 1st line monitoring program based on findings.
- Develop and maintain control test procedures (what is tested, data sources, sampling/coverage, frequency, and pass/fail criteria) and ensure results are reproducible and audit-ready.
- Risk Remediation: Assist D&T control owners in designing remediation plans that address root-cause correction, appropriate compensating controls, and achieve measurable risk reduction.
- Validate effectiveness of remediation actions identified through the 1st line monitoring program, confirm resolution and adequacy to prevent recurrence.
Requirements
- Passionate about cybersecurity, control design and IT control and risk management.
- Detail and analytically oriented.
- Flexible and resourceful in managing multiple priorities.
- Able to effectively collaborate within your own team and across the organization.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Technology Risk Management, or a related field (or equivalent experience).
- 3+ years of experience in cybersecurity, architecture, IT risk, or technology audit.
- Experience designing controls to address risks, identifying residual risks, and executing control assurance procedures (design and operating effectiveness).
- Strong understanding of control frameworks and regulatory expectations (e.g., NIST CSF/800-53, MAR, COBIT, SOC 2, NYDFS, etc.).
- Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines).
- Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one.
Skills
- Excellent communication skills.
- Ability to work independently and as part of a team.
- Strong analytical and problem-solving skills.
- Proficiency in Microsoft Office Suite.
Benefits
Our promise at Guardian includes support and flexibility to achieve your professional and personal goals, through skill-building, leadership development, and philanthropic opportunities. We also offer a comprehensive benefits package, including health insurance, retirement savings plans, and paid time off.
Pay
$95,170.00 - $156,355.00
Schedule
Three days a week at our Guardian office in New York, NY or Bethlehem, PA.