Cybersecurity Analyst III

About The Position

Requirements

• Bachelor’s degree in computer science, information systems, or related field, or equivalent combination of education and/or related professional work experience.
• 3+ years of demonstrated proficiency with an cybersecurity audit, assessment, engineering or architecture focus or comparable professional experience.
• Knowledge of cybersecurity regulations, guidance and policies (e.g., PCI-DSS, NYDFS, CCPA, etc.).
• Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, and governance.
• Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing.
• Basic leadership and teaming skills as well as demonstrated integrity within a professional environment.
• Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing.
• Aptitude for speaking or communicating to varied groups of business and technical professionals.
• Experience in presenting technical material to a nontechnical audience and to senior management.
• Experience in the review and development of security policies, standards or other governance practices.
• Demonstrated relationship management and consulting skills, including ability to effectively influence and negotiate.
• Proven ability to provide high quality customer service.
• A resume is required to apply.

Nice To Haves

• Financial Services industry experience.

Responsibilities

• Continuously monitor the internal and external landscape for relevant events, risks, and threats related to malicious code, vulnerabilities, and potential attacks in alignment with the MITRE ATT&CK framework.
• Remain current with emerging threats and share knowledge with colleagues to improve incident response processes.
• Help coordinate and ensure cybersecurity-related alerts and incidents are prioritized and responded to at all hours of the day.
• Act as a technology, service or process owner as appropriate, ensuring appropriate documentation, configuration, maintenance and access reviews of technologies, vended services and processes.
• Participate in the coordination, consultation, and assessment efforts to track and remediate events and alerts, directs response to related incidents, internal or external audits, and / or control assessments.
• Collaborate with other Enterprise Information & Technology (EI&T) teams to protect data from compliance, privacy or security compromises.
• Participate in the creation and execution of tabletop, purple team, and attack simulation exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders.
• Review findings from tabletop exercises, vulnerability scans and penetration testing to identify weaknesses or gaps in existing security controls and assist in providing recommendations where appropriate.
• Review and evaluate third-party security posture, helping to identify risks, document findings, and support remediation efforts to ensure vendors and partners meet organizational security standards.
• Participate in the identification of risks throughout the organization, reporting and monitoring formats on risk management issues and developing methodologies for the assessment of risks throughout the organization.
• Contributes to the development, tracking, and reporting of security metrics and KPIs for team activities, using insights to drive continuous improvement, reduce security risk and/or inform other security education opportunities.
• Contribute to the strategic direction of the Cybersecurity team to develop new capabilities, process efficiencies and goals.
• Assist in the development, review, ongoing maintenance and development of security policies, standards, processes, procedures and requirements to facilitate the establishment of common administrative controls for the delivery of security capabilities.
• Develop content for organization wide and targeted security awareness training.
• Present relevant cybersecurity topics through a variety of forums depending on the audience.
• Support leadership with all aspects of the cybersecurity enterprise-wide risk management program, with minimal supervision.
• Responsibilities include facilitating the identification of risks throughout the organization, reporting and monitoring formats on risk management issues and developing methodologies for the assessment of risks throughout the organization.
• Participate in various security assessments in support of compliance, privacy or security requirements for the enterprise.
• Lead localized assessments where appropriate.
• Participate in the development, review, ongoing maintenance and development of security policies, standards, processes, procedures and requirements to facilitate the establishment of common administrative controls for the delivery of security capabilities.
• Provide cybersecurity guidance as appropriate
• Escalate issues as deemed appropriate.
• The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.

Benefits

• medical
• dental
• vision
• employee assistance program
• life insurance
• disability plans
• parental leave
• paid time off
• 401k
• tuition reimbursement