This job has closed.

IS3 Solutions · 4 weeks ago

Cybersecurity Sr. Risk Analyst 2

Brooklyn, NY

Full-time

Hybrid

Mid, Senior Level

4+ years exp

IS3 Solutions is looking for a Senior Risk Analyst to enhance processes related to third-party risk management and cyber risk governance. The role involves implementing risk frameworks, managing projects, and collaborating with stakeholders to strengthen the security posture.

Cyber SecurityData CenterInformation TechnologyIT Infrastructure

Responsibilities

Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City

Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise

Work with stakeholders across various divisions, soliciting input and working through feedback

Evaluate risk of third parties used by New York City agencies

Document and track remediation of risks in the Risk Register

Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies

Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines

Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary

Engage in communications with NYC Agencies

Handle special projects and initiatives as assigned

Qualification

Risk managementCybersecurity risk assessmentCybersecurity certificationsCybersecurity frameworksProject managementAnalytical skillsCyber threatsLawsRegulationsTeam collaborationCommunication skills

Required

A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team

BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field

Ability to work effectively in a team environment

Being highly organized, motivated and a self-directed professional

Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services

Understanding of commonly used computer operating systems, databases, network structures

Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)

Investigative and analytical skills

Excellent oral and written communication skills

Knowledge of the current and evolving cyber threat landscape

Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy

Preferred

One or more of the following certifications are a plus: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), CompTIA Security+, CompTIA Network+, CompTIA A+, CompTIA CySA +, Cisco Certified Network Associate - CCNA, CEH: Certified Ethical Hacker, GIAC Information Security Fundamentals (GISF), GIAC Security Essentials (GSEC), (ISC)2 Systems Security Certified Practitioner (SSCP)