Cybersecurity Risk Analyst

About The Position

Requirements

• High level understanding of technology infrastructure, security concepts and platforms
• Advanced knowledge of the OSI model and security that is associated with each layer
• Knowledge of information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001)
• Demonstrated success in project management
• Ability to think strategically and make collaborative decisions
• Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
• Communicates quickly, clearly, concisely, appropriately and intelligently
• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Foster open communication, speaks with impact, listens to others and writes effectively
• Effective planning, time management, negotiation and delegation skills
• Ability to approach problems with an open-mind and create new and innovative ideas and methods
• Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods
• 3+ years of experience in a large and complex business environment with a successful track record working directly with senior level management in Financial Services or Banking strongly preferred
• 3+ years of experience in one or more of the following domains: Cybersecurity Governance, Risk Management, Legal Regulations, IT or Security Audit, IT or Security Compliance preferred
• 3+ years of experience performing risk assessments and/or cybersecurity vendor risk assessments preferred
• Experience with technical writing preferred
• Bachelor’s Degree in related field or equivalent work experience strongly strongly preferred

Responsibilities

• Develop and update Cybersecurity policies, standards, and procedures referencing NIST 800-53 controls and the NIST Cybersecurity Framework, including implementing revisions in accordance with updates in relevant regulatory or industry Cybersecurity practices
• Track remediation items and/or findings to completion as part of the risk assessment process
• Collaborate with business partners to manage Cybersecurity needs
• Initiate, facilitate, and promote Cybersecurity within the organization and monitor adherence to Cybersecurity policies, standards and controls
• Perform third party risk assessments
• Partner with Application Custodians to perform application risk assessments
• Possess and continue building knowledge of GRC tooling, processes, and the global regulatory environment relating to the management of risk
• Drive maturation of the Cybersecurity Risk Program through continuous process improvement

Benefits

• 401K matching
• bonding leave for new parents (12 weeks, 100% paid)
• tuition assistance
• training
• GM employee auto discount
• community service pay
• nine company holidays