Senior Cyber & Technology Risk Consultant

About The Position

Requirements

• 3+ years of experience in IT risk management, cyber risk, technology controls, or audit
• Experience using the NIST Cybersecurity Framework (CSF) or similar standards
• Strong understanding of technology and cybersecurity controls
• Experience performing control testing, including design, and operating effectiveness
• Ability to analyze processes, ask the right questions, and identify risks and gaps
• Strong communication skills to work with product, engineering, and security teams

Nice To Haves

• Bachelor’s degree in a technical field (cybersecurity, information assurance, computer science, or related discipline)
• Background in financial services, insurance, or other highly regulated industries
• Exposure to control testing automation, scripting, or data‑driven testing approaches
• Professional certifications: CISSP (highly valued), CISA, CRISC
• Experience with risk profiling models or enterprise risk tools
• Experience working in large enterprise environments but smaller teams with high accountability and ownership

Responsibilities

• Ensure that the controls are appropriately designed, implemented correctly, and functioning effectively in alignment with NIST 800 53, NIST CSF, COBIT, and internal standards
• Perform technology and cybersecurity control operating effectiveness testing
• Collect and assess evidence from product and technology teams
• Identify control gaps, deficiencies, and improvement opportunities
• Support ongoing process improvements to make control testing more efficient and risk‑focused
• Identify opportunities to apply AI tools to streamline testing, evidence analysis, reporting, and continuous control monitoring.
• Recommend automation and scripting improvements to enhance testing quality, repeatability, and efficiency.
• Partner with digital product teams to enable efficient, risk‑based testing with minimal disruption
• Prepare and help deliver simple risk reports for senior leadership, ensuring they are aware of key risks
• Assist in enhancing methodologies, testing templates, control procedures, and documentation standards.
• Support cyber resilience validation activities, including incident response, disaster recovery, and ransomware readiness.

Benefits

• Comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse.
• Monthly connectivity reimbursement for eligible remote employees.
• Opportunity to challenge the status quo and shape the future of protection.
• Support for causes that mean the most to you.