Cybersecurity Analyst I

Domino's · Ann Arbor, MI
1d · $65 - $71

About The Position

As Domino’s continues to mature the cybersecurity program, we recognize the value of a Cybersecurity Analyst as one of the key enablers of such a program. The position is a critical member of the Cybersecurity team. The role will report directly to the Cybersecurity Team Leader and will work closely with other Team Members in the GRC team and broader Infosec team. The role is also expected to establish a strong working relationship with various Domino’s team members. The position will play an integral role in Domino’s Governance, Risk and Compliance (GRC) program, with a primary focus on performing risk reviews of new and current vendors used in the organization. The role is expected to collaborate in a positive manner with other functions within the Domino’s Technology department, other Domino’s business units, and Domino’s franchisees. The candidate is expected to have proven knowledge and experience in cybersecurity, IT risks and controls, third-party vendor risk, and business operations.

Requirements

  • A bachelor's or master’s degree in Computer Science, Information Technology, Business Administration, or other related field.
  • 1 to 2 years of general information technology work experience. More than 1 year of information security work experience in IT risks and controls (e.g., PCI and/or SOX) is preferred for the Infosec Analyst I role.
  • Candidate should have exceptional troubleshooting and problem-solving skills.
  • Candidate should be able to work in both group settings and independently.
  • Follows through on commitments, acts with integrity and takes personal responsibility for decisions, actions, and failures, establishes clear responsibilities and processes for monitoring work and measuring results.
  • Assumes positive intent of others, works cooperatively with others across the organization to achieve shared objectives, represents own interests well while being fair to others and their areas, partners with others to get work done, credits others for their contributions and accomplishments, gains trust and support of others.
  • Shows personal commitment and acts to continuously improve, accepts assignments that broaden capabilities, demonstrates curiosity and openness to differences, new ideas and thinking, demonstrates vulnerability including a willingness to ask for help or acknowledge mistakes.
  • Gains insight into customer needs, identifies opportunities that benefit the customer, builds and delivers solutions that meet customer expectations, establishes and maintains effective customer relationships.
  • Promotes information sharing, collaboration, and transparency.
  • Approaches responsibilities with a positive attitude to keep team morale and engagement levels high.
  • Aligns to and supports leadership strategic directives and contributes to the team’s objectives.
  • Ability to communicate complex information in a clear, concise and organized manner with both technical and nontechnical audiences. Demonstrates skill in managing client relationships and expectations while showing a commitment to delivering quality results.
  • Ability to apply critical thinking to evaluate information for reliability, validity, and relevance.
  • Ability to function in a collaborative environment, seeking consultation with analysts and experts to leverage technical expertise. Demonstrates ability to ask questions to key stakeholders outside of the GRC team.
  • Ability to understand the cybersecurity impact on the organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability).
  • Knowledge of IT risks and controls.
  • Knowledge of Sarbanes-Oxley (SOX) requirements, including IT General Controls, Application Controls, and SOD testing.
  • General knowledge of industry standard cybersecurity governance frameworks, such as the CIS Critical Security Controls and NIST Cybersecurity Framework.
  • Knowledge of risk management processes, cybersecurity and privacy principles, and cyber threats and vulnerabilities.
  • Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
  • Knowledge of applicable business processes and operations.
  • Knowledge of new and emerging IT, cybersecurity technologies, security issues, risks, and vulnerabilities.

Nice To Haves

  • CISSP, CISA, CISM, CRISC, or other relevant certifications are desired, but not required.

Responsibilities

  • Evaluate cybersecurity and privacy assessments to ensure vendor compliance with best security practices and organizational standards using a variety of security frameworks (e.g., ISO 27001, CIS, NIST, PCI-DSS, Sarbanes-Oxley).
  • Ensure new vendors meet security requirements by investigating and verifying the vendor’s scope of work, technologies, cybersecurity standards, MFA enforcement, penetration test results, external audit reports, and access privileges in identity management systems.
  • Maintain an updated risk register within the vendor management system showing vendor information, scope of work, stakeholders, and associated cyber, legal, or operational risks.
  • Issue a formal risk report on security gaps and vendor risks for Executive stakeholders on a quarterly basis and provide frequent updates on remediation efforts.
  • Assist in the development of AI Governance for the organization to identify security risks and mitigations.
  • Collaborate with procurement and legal teams to confirm security clauses in contracts (e.g., breach notification, data handling) and ensure adherence to organizational cybersecurity policies.
  • Present to Franchisees on Cybersecurity best practices related to vendor relationships and respond in a timely manner to Franchisee vendor requests.
  • Provide support to teams during security events (e.g. ransomware attacks or other security incidents) for third parties, execute analysis, and document vendor remediation efforts post-incident.
  • Present technical information to technical and nontechnical audiences to explain vendor technologies and risks in detail.
  • Provide actionable recommendations to stakeholders concerning third-party technologies to increase efficiency and promote cost savings throughout the organization.