Senior Analyst – Cyber Risk & Control Monitoring

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Technology Risk Management, or a related field (or equivalent experience)
• 3+ years of experience in cybersecurity, architecture, IT risk, or technology audit
• Experience designing controls to address risks, identifying residual risks, and executing control assurance procedures (design and operating effectiveness)
• Strong understanding of control frameworks and regulatory expectations (e.g., NIST CSF/800-53, MAR, COBIT, SOC 2, NYDFS, etc.)
• Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines)
• Must be legally authorized to work in the United States, without the need for employer sponsorship.

Nice To Haves

• Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one

Responsibilities

• Engage in new projects (Tech Governance process) to ensure the appropriate controls are designed and implemented to meet policies, including as appropriate those related to Key Financial Systems (KFS)
• Partner with internal audit Model Audit Rule team and risk team to ensure controls designs are appropriate
• Perform initial validation of designed controls to ensure they are operating effectively prior to go-live
• Contribute to the implementation and day-to-day operations of the first line information security continuous control monitoring program
• Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions
• In partnership with 2nd line, maintain a control inventory and control-to-evidence mapping aligned to internal policy and external frameworks; ensure controls have clear owners, descriptions, and measurable success criteria
• Identify coverage gaps, control weaknesses, and emerging risks through ongoing monitoring, and drive changes to the 1st line monitoring program based on findings
• Develop and maintain control test procedures (what is tested, data sources, sampling/coverage, frequency, and pass/fail criteria) and ensure results are reproducible and audit-ready
• Assist D&T control owners in designing remediation plans that address root-cause correction, appropriate compensating controls, and achieve measurable risk reduction
• Validate effectiveness of remediation actions identified through the 1st line monitoring program, confirm resolution and adequacy to prevent recurrence

Benefits

• Skill-building
• Leadership development
• Philanthropic opportunities
• Contemporary, supportive, flexible, and inclusive benefits and resources