Information Security Associate - Security Risk & Control Lead

Nomura Holdings, Inc. | Jacksonville, FL
1d | $95,000 - $110,000 | Onsite

About The Position

We are seeking an experienced Information Security Associate to join our Cyber Risk Governance team lead in the Jacksonville, Florida office. This strategic role combines regulatory compliance expertise with vendor risk management leadership, serving as a critical bridge between technical security requirements and business operations.

Requirements

  • Deep understanding of cybersecurity frameworks and best practices
  • Proven experience with vendor risk assessment methodologies
  • Strong knowledge of US cyber regulatory environment
  • Comprehensive understanding of risk management principles and practices
  • Minimum 4+ years of relevant information security experience
  • Excellent written and verbal communication abilities
  • Strong stakeholder management and relationship-building skills
  • Ability to translate complex technical risks into business-friendly language
  • Collaborative approach to working with cross-functional teams
  • Detail-oriented with strong analytical and problem-solving capabilities

Nice To Haves

  • Previous experience with GRC platforms such as RegRoom or Cube is a plus
  • Relevant cybersecurity certifications (CISSP, CISA, CRISC, etc.)
  • Experience in financial services or highly regulated industries
  • Background in regulatory compliance and audit processes
  • Project management experience

Responsibilities

  • Maintain comprehensive knowledge of existing and emerging US cyber regulations
  • Conduct thorough risk assessments on current and proposed cyber regulatory requirements
  • Demonstrate proficiency with established cybersecurity frameworks (NIST, ISO 27001, SOC 2, etc.)
  • Stay current with evolving regulatory landscape and assess impact on organizational compliance
  • Lead and support regulatory compliance initiatives including SEC cybersecurity regulations, NYDFS Cybersecurity Regulation (23 NYCRR 500), and other applicable regulatory requirements
  • Develop, implement, and maintain cybersecurity frameworks and map them to internal control structures
  • Respond to Due Diligence Questionnaires (DDQs) from clients, vendors, and business partners
  • Manage responses to regulatory inquiries and examinations from various oversight bodies
  • Conduct risk assessments and gap analyses to ensure ongoing compliance
  • Collaborate with cross-functional teams to implement control enhancements and remediation activities
  • Monitor regulatory developments and assess impact on organizational compliance posture
  • Prepare compliance reports and presentations for senior management and board committees
  • Support audit activities and coordinate with internal and external auditors
  • Serve as primary point of contact for vendor risk assessment activities across the US region
  • Apply expertise in various vendor risk assessment frameworks and methodologies
  • Collaborate effectively with regional and global business stakeholders to facilitate vendor onboarding processes
  • Identify, analyze, and communicate risks associated with third-party vendor relationships
  • Ensure vendor compliance with firm's security standards and regulatory

Benefits

  • Full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave)