Apply on Employer Site

Fort Washington Investment Advisors, Inc. · 1 month ago

Cybersecurity Governance Analyst III

US-OH-CINCINNATI

Full-time

Onsite

Senior Level

5+ years exp

Fort Washington Investment Advisors, Inc. is seeking a Cybersecurity Governance Analyst III to support business and IT teams with security consulting for corporate initiatives and information security projects. The role involves performing risk assessments, developing security policies, and ensuring compliance with cybersecurity regulations while collaborating with various teams to enhance the organization's security posture.

Financial Services

Responsibilities

Assists team in performing third-party vendor due diligence security reviews to ensure compliance with information security policy, security procedures, and regulatory requirements. Identifies and reports deficiencies or risks to the appropriate stakeholders. Follows up with business teams and third parties to escalate issues when necessary

Participates in the effort to address identified IT audit findings and cybersecurity risks with corrective action plans. Works with senior team members to support process/program improvements. Conducts ongoing monitoring of the first-party security posture and performance. Acts as a liaison with Internal Audit on IT audits

Works with project teams to ensure PMLC/SDLC tollgates are being met for security and that the appropriate security artifacts are being maintained. Helps in PMLC/SDLC planning and makes certain it assesses the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability

Conducts in-depth research to understand industry best practices, emerging trends and the latest open source methods that will help address current security challenges and enable new ways of delivering value to the Enterprise

Works with IT and the business serving as a technical security consultant on IT and business projects. Provides input on complex business problems and helps deliver solutions that address risks to the corporate network and information assets. Ensures the appropriate level of controls are applied based on industry standards, best practices, and cybersecurity regulations by developing repeatable processes to identify, evaluate, and measure IT security risk

Helps manage the information security policy lifecycle, including policy creation, policy maintenance, policy exception, and policy change requests. Works with them to help improve the overall security policy framework. Works with the business and IT management to ensure that the security policy framework and internal controls are being appropriate followed. Conducts risk assessments based on policy and control evaluations

Contributes to the development, review, implementation, and maintenance of the organization's information security awareness program. Assists in effort to collaborate with HR and Corporate Communication teams to deliver security training and security awareness to associates and consultants

Helps manage the remediation of audit and security review findings and recommendations

Performs other duties as assigned

Complies with all policies and standards

Qualification

Information Security GovernanceRisk ManagementNIST FrameworkSecurity AssessmentsCISSP CertificationIT Audit ExperienceCompliance FrameworksSecurity Awareness TrainingAnalytical SkillsBasic Computer KnowledgeMicrosoft Office ProficiencyProblem-Solving SkillsCommunication SkillsTeam Collaboration

Required

Bachelor's Degree Computer Science, Computer Engineering, IT or a related technical field, or commensurate selection criteria experience

Typically requires at least five years of combined work experience in information assurance and security roles such as IT Audit, Risk, Compliance and Information Security

Experience in the areas of information security governance and third-party risk management

Experience working with IT risk and compliance frameworks such as NIST (preferred), ISO, COBIT, COSO, COBIT, etc

Experience working with best practices and industry cybersecurity regulations

Experience with information security, security awareness, and risk assessment and mitigation concepts, methodologies, and processes

Proven experience in completing assigned tasks accurately and on a timely basis

Proven ability to identify and assess the severity and potential impact of risks

Demonstrated inherent passion for information security and service excellence

Ability to identify project risks and gaps, developing creative and workable solutions to complex problems and policy issues

Strong team player - collaborates well with others to solve problems and actively incorporate input from various sources

Demonstrated strong analytical and problem-solving skills with the ability to grasp new concepts and apply them; effectively evaluates information / data to make decisions; anticipate obstacles and develop plans to resolve

Possess and display excellent verbal and written communication skills with ability to convey information to internal and external customers in a clear, focused, and concise manner

Demonstrated calm and professional demeanor when handling demanding situations

Proven ability to work with a team and multiple stakeholders to provide direction and oversight

Demonstrated self-starter with strong internal motivation

Proven ability to work under multiple deadlines and with minimal supervision

Basic computer, network, and system knowledge and skills with a thorough understanding of security controls

Strong proficiency in the use of Microsoft Office, particularly Word, Excel, PowerPoint

CISSP Certified Information Systems Security Professional Candidate encouraged to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), any GIAC certification or ISACA certifications. Upon Hire