Cybersecurity Governance, Risk and Controls Analyst

OneMain Financial, Baltimore, MD
$100,000 - $120,000

About The Position

As a Cybersecurity Governance, Risk and Compliance (GRC) Analyst in OneMain’s Cybersecurity Risk team, you will be focused on providing effective oversight of cybersecurity and technology activities to identify, assess, and manage technology and cybersecurity risk throughout the organization. This role will work closely with all cybersecurity teams coordinating responses to examinations and inquiries, identifying and properly managing risk treatment, and conducting self-assessments in alignment with financial industry regulations. Members of the Cybersecurity Risk and Controls team are motivated, detail-oriented, and thrive in a collaborative environment where they will add value to key business partners. This position will require you to be adaptive, willing to drive change and innovation, and work in a fast-paced environment requiring collaboration and the ability to organize and prioritize assignments.

Requirements

  • Bachelor’s degree or equivalent work experience
  • Minimum of 4 years of experience in cybersecurity, technology audit, risk management, or GRC
  • Experience working with cybersecurity requirements, controls, and standards.
  • Strong working knowledge of NIST Cybersecurity Framework (CSF), AICPA (American Institute of Certified Public Accountants) Systems and Organization Controls (SOC) 2 framework, Gramm-Leach-Bliley Act (GLBA), Federal Trade Commission (FTC) requirements and guidelines, the New York Department of Financial Services 23 NYCRR 500 Regulation ("NYDFS"), the National Association of Insurance Commissioners ("NAIC") Insurance Data Security Model Law, the California Consumer Protection Act ("CCPA"), and Federal Deposit Insurance Corporation ("FDIC") Information Technology and Cybersecurity laws and regulations
  • Experience and ability to manage workstreams and oversee tasks within technical teams
  • Strong analytical skills with the ability to think critically and question the information gathered to identify gaps and non-compliance with a requirement
  • Ability to work in a fast-paced environment and collaborate well within a team
  • Strong attention to detail, organization and communication

Responsibilities

  • Assist with the end-to-end process for regulatory compliance and examinations, including those related to NYDFS 23 NYCRR Part 500 cybersecurity regulations and other external assessments.
  • Partner with Legal and Compliance to understand any current regulatory requirements, pending requirements, and the implications for our Cybersecurity Program.
  • Work with our Internal Audit team to clearly define the annual audit schedule, scope, and processes for meetings and requests.
  • Work with accountable leaders and teams across Cybersecurity, Technology, and other lines of business to ensure timely and comprehensive responses are documented, evidence collected and reported as required.
  • Manage the process to ensure timely and complete remediation of all findings from any exam, audit, or assessment.
  • Utilize company tools to document, track and provide updates on technology and cybersecurity controls, issues and risk exceptions
  • Develop KPIs and KRIs associated with our Cyber Risk Exam, Audit, and Assessment Program.
  • Participate in cyber risk treatment processes, including issues management, risk acceptance and risk exception.
  • Support team goals by maintaining knowledge of cybersecurity policies and standards and identifying exceptions.
  • Support innovation through process improvements and updating documentation and procedures

Benefits

  • Health and wellbeing options including medical, prescription, dental, vision, hearing, accident, hospital indemnity, and life insurances
  • Up to 4% matching 401(k)
  • Employee Stock Purchase Plan (10% share discount)
  • Tuition reimbursement
  • Paid time off (15 days’ vacation per year, plus 2 personal days, prorated based on start date)
  • Paid sick leave as determined by state or local ordinance, prorated based on start date
  • Paid holidays (7 days per year, based on start date)
  • Paid volunteer time (3 days per year, prorated based on start date)