Cyber Risk & Compliance Analyst

Frederick, MD, US

R3 LLC

R3 is your reliable ally for B2B IT solutions and security services. Our experts excel in individual IT projects and ongoing support.


Description

At R3, we are committed to providing our clients with best-in-class solutions for all of their IT needs. We are relentless in our pursuit of excellence and dedicated to providing our clients with unsurpassed quality, service, and value day in and day out. As we continue to grow and innovate, we are seeking passionate and dedicated individuals to join our team. 


If you’re ready to join our mission of setting the standard for IT excellence, we are seeking an energetic, self-motivated Cyber Risk & Compliance Analyst with experience evaluating and analyzing technology and cybersecurity implementations and risks. As a member of the Quality & Compliance (Q&C) team, you will focus on audits of critical technology functions including cloud-based technology implementations, security controls, and cybersecurity risks. This position requires an individual who can liaise with key functional teams such as IT, HR, Finance, Sales, Legal, Contracts, supply chain, and others to identify and manage information security standards and best practices that govern cybersecurity for any given client.


Responsibilities: 

  • Execute major components of audits and security control assessments, including critical technology functions, cloud-based infrastructure, emerging technology, cybersecurity, risk management, application, and third-party management, as well as lead small to medium size audits. 
  • Develop and maintain SSP and POAM documentation for in-scope environments, and applicable policies, processes, and procedures.
  • Work with technical teams and clients to remediate findings related to information systems, networks, and data, determining technical solutions and recommendations for implementation.
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document auditee processes and procedures.      
  • Understand the broader context and implications (e.g., financial, legal, reputational) of the various types of risk affecting the business and critical technology functions. 
  • Establish and maintain good auditee relations during engagements. Communicate or assist in communicating the results of some audit projects to management via written reports and oral presentations. 
  • Review and provide feedback on audit workpapers to achieve clear, organized, and complete documentation to support work performed. 
  • Coordinate with others and proactively take on additional work. 
  • Deliver appropriate, succinct, and organized information, tailoring communication style to audience. 
  • Effectively communicate information, issues, and audit progress to teammates and clients. 
  • Perform various aspects of engagement administration, including hours and budget tracking. 
  • Provide periodic on-the-job coaching and direct supervision over less experienced associates. 

Requirements

  Ideal Teammate:

  • You are a critical thinker who seeks to understand the business and its control environment. 
  • You believe insight and objectivity are core elements to providing assurance on the effectiveness and efficiency of R3’s and clients’ governance, risk management, and compliance processes. 
  • You possess a relentless focus on quality and timeliness. 
  • You adapt to change, embrace bold ideas, and are intellectually curious. You like to ask questions, test assumptions, and challenge conventional thinking. 
  • You are a firm believer that a rich understanding of data, innovation, and technology will only make you a better auditor. This will require leveraging the power of data analytics and furthering your technical expertise. 
  • You are a teacher. You do the right thing and lead by example. You have a passion for coaching and investing in the betterment of your team and clients.

Basic Qualifications:

  • U.S. Citizen (Federal client requirement)
  • Bachelor’s degree in Information Technology/Security, Computer Science, Information Systems Management, or related discipline
  • Working knowledge of NIST 800-171, NIST 800-53, and/or CMMC frameworks and standards 
  • 10+ years of experience in an information/cyber security, risk, and compliance role to include advising executives, IT management, and other stakeholders on compliant strategies and solutions
  • 7+ years of technical experience using Microsoft-based solutions and products
  • 5+ years of experience auditing information technology (operations, software delivery, access management, information security, cloud computing)
  • 3+ years of experience in auditing information security (application security, network security, cyber security, data protection), or cloud computing controls (design, operation, risk management, auditing) or a combination
  • 1+ year of experience in cloud computing and controls (design, operation, risk management, or auditing)
  • 2+ years of experience in managing audit engagements, project management, or a combination

Preferred Qualifications:

  • CISSP or CISM certification strongly preferred; other auditing and/or security certifications such as CCA, CCP, CIPP, CDPSE, CISA, CRISC, CGEIT, etc. desired
  • Familiarity with other compliance frameworks such as FedRAMP, FISMA, SOC, PCI, ISO, HIPAA, HITRUST, etc.
  • 6+ years of experience with IT control frameworks
  • 3+ years of experience in cloud computing (notably AWS, GCP, Azure) and controls, or 1+ years of conducting audits of controls in cloud-based environments
  • 2+ years of experience in risk and data management
  • 2+ years of experience performing data analysis in support of internal auditing

Why join our winning team?

  • Competitive wages to reflect your experience and skills.
  • Comprehensive medical, dental, and vision insurance plans to keep you and your family healthy.
  • 401(k) with company match to help you plan for the future.
  • Flexible time off policies to ensure you maintain a healthy work-life balance.
  • We offer many remote opportunities, allowing you to work wherever you want. 
  • We are committed to creating a positive impact on society and contributing to a better world--we're involved in our community and encourage our employees to do the same.
  • We are reshaping the industry and the way it thinks about technology and service.
  • We strive to be better and encourage our employees to do the same by offering training incentives and bonuses to help you and your career grow. 
  • The opportunity to be a part of an amazing team. 


R3 is an equal opportunity employer. It has been and will continue to be a fundamental policy of R3 to not discriminate on the basis of race, color, religion, gender, gender identity, pregnancy, marital status, sexual orientation, age, national origin, alienage or citizenship status, veteran or military status, disability, medical condition, genetic information, or any other characteristic prohibited by federal, state, and/or local laws. This policy applies to all aspects of employment, including hiring, promotion, demotion, compensation, training, working conditions, transfer, job assignment, benefits, and termination.


Tags: Analytics Application security Audits AWS Azure C CIPP CISA CISM CISSP Cloud CMMC Compliance Computer Science CRISC Data Analytics FedRAMP Finance FISMA GCP Governance HIPAA HITRUST Network security NIST NIST 800-53 Risk assessment Risk management SOC System Security Plan

Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flex vacation Health care Insurance

Region: North America
Country: United States
