Cybersecurity Risk and Compliance Analyst (339)

Miami, FL, 33142

Applications have closed

Job Details

  • Job Location: Miami, FL
  • Position Type: Full Time
  • Education Level: 4 Year Degree
  • Job Shift: Day
  • Job Category: Information Technology

Description

Summary:

The Cybersecurity Risk and Compliance Analyst ensures that the organization's technology ecosystem is correctly evaluated, assessed, and managed to ensure compliance and minimize cybersecurity risk exposure and impacts to the business. The analyst will assist with tracking open audit findings and facilitate response generation, information gathering, testing evidence, and escalation of the prior conclusions. The analyst will collaborate with infrastructure team members, drive the adoption of security best practices, assist with creating new policies, improve existing security processes, and support adherence to the organization's security policies and procedures.

Essential Duties and Responsibilities:

  • Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals.
  • Monitors and audits compliance with cybersecurity policies to identify gaps.
  • Designs, implements, and maintains cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures.
  • Oversees security activities such as access control, incident management, response, forensics, and reporting.
  • Builds communication and escalation plans around the enterprise's third-party cybersecurity risk management activities.
  • Works with regulatory officers and auditors as necessary.
  • Coordinates gathering third-party cybersecurity risk assessment data and prepares cybersecurity risk assessments for critical-related third parties as needed, to be published and communicated to stakeholders.
  • Tracks identified cybersecurity risks and risk events.
  • Maintains a current understanding of industry trends, emerging cyber threats, and new solutions that may impact the environment.
  • Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy.
  • Works with stakeholders to communicate business risk and mediation by agreed protection levels.
  • Plans and conducts security authorization reviews and assurance case development for installing systems and networks.
  • Performs IT and IS control reviews, including, but not limited to, operating procedures, system security, programming controls, backup and disaster recovery, and system maintenance.
  • Follows up on audit findings to ensure management has taken corrective action(s).
  • Translates security-related matters into business terms that are clear and understandable to executives.
  • Identifies and evaluates complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement.
  • Other duties as assigned.

Qualifications

Education and Experience:

  • BS or MA in computer science, information security, cybersecurity, or a related field.
  • 3+ years of experience in an IT audit, enterprise risk management (ERM), or cyber risk management role.
  • 3+ years of experience with regulatory compliance, risk management frameworks, and information security management frameworks (e.g., ISO 27000, CMMC, NIST 800-171, NIST Risk Management Framework, CARF).
  • Strong background in conducting Business Impact Analysis (BIA) to evaluate the potential impact of cybersecurity risk on critical business processes and functions.
  • Experience in understanding and articulating business goals and objectives.
  • Experience identifying and assessing risks to the organization's business.
  • Experience communicating complex technical concepts to non-technical audiences.
  • Experience with cybersecurity principles and practices, including risk management, security controls, and incident response.
  • Experience with cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems.
  • Familiarity with one or more of the following areas: identity management, PAM, SSO, and MFA.
  • Ability to leverage research from various sources such as government research, think tanks, academic research, and industry reports.

Competencies: 

To perform the job successfully, an individual should demonstrate the following competencies:

Problem Solving - Identifies and resolves problems promptly, develops alternative solutions, and uses reason even when dealing with emotional topics.

Communication and Customer Service - Ability to read, write, and communicate effectively in English. Spanish/French-Creole is a plus, but not required. Uses terminology that is appropriate to the intended audience. Edits written work for spelling and grammar. Speaks clearly so others can understand. Demonstrates listening to and understanding information and ideas presented through spoken words and sentences, and getting clarification.

Mathematical Skills - Applies basic arithmetic calculations, fractions, percentages, ratios, and proportions to practical situations. Presents numerical data effectively.

Ethics - Maintains high standards of ethical conduct, demonstrates honesty and integrity, and avoids theft-related, dishonest, or unethical behavior. Works with integrity and safeguards confidentiality. Treats others with respect; keeps commitments; inspires the trust of others; adheres to integrity and ethics; upholds organizational values.

Planning/Organizing - Prioritize work activities, use time efficiently, and develop realistic action plans.

Job Commitment - Accepts responsibility and demonstrates responsible behavior, initiative, and tenacity; Works with minimal supervision and is dependable.

Professionalism - Follows all corporate policies and procedures, including occupational safety and health policies and procedures, and responds to management directions.  Maintain a professional demeanor with participants, staff, and other professionals.  Project a positive image of Goodwill.  Reacts well under pressure and accepts responsibility for own actions.  Follows through on commitments.

Work Quality - Demonstrates accuracy, completeness, and neatness.  Look for ways to improve and promote quality.  Applies feedback to improve performance.  Monitors own work to ensure quality.

Quantity of work - Produces the work the manager assigns efficiently and promptly.

Attendance/Punctuality - Report to work as scheduled and on time and remain on the job throughout regular work hours.  Notify supervisor of lateness, absence, or if an urgent reason for leaving work arises. Commit to long hours for work when necessary to reach goals; Complete tasks on time or notify supervisor of an alternate plan.

Teamwork - Works and interacts with others to accomplish overall group goals; solicits feedback to maximize results.

Safety and Security - Observe safety and security procedures; Report any safety deficiency to the immediate supervisor.  Uses equipment and materials properly. Knows what “Material Safety Data Sheets” are and where they are kept.

Personal Characteristics - Dress in appropriate business attire. Conduct yourself professionally. Take initiative. Be dependable and accurate, and take pride in your work.

Adaptability - Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; can deal with frequent change, delays, or unexpected events.

Analytical - Can understand diverse information; collect and research data; use intuition and experience to complement data; help design workflows and procedures.

Cost Consciousness: Works within approved budget; develops and implements cost-saving measures; contributes to profits and revenue; conserves organizational resources.

Detail-Oriented – Must be an organized professional with an excellent eye for detail.

Diversity - Shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes a harassment-free environment; builds a diverse workforce.

Interpersonal Skills – Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things.

Judgment - Displays willingness to make decisions; exhibits sound and accurate judgment; supports and explains reasoning for decisions; includes appropriate people in decision-making process; makes timely decisions.

Leadership – Exhibits confidence in self and others; Inspires and motivates others to perform well; Effectively influences actions and opinions of others; Accepts feedback from others; Gives appropriate recognition to others.  Must be highly reliable and able to carry out tasks autonomously and collaboratively.

Motivation – Self-motivated and a self-starter. Sets and achieves challenging goals; Demonstrates persistence and overcomes obstacles; Measures self against the standard of excellence; Takes calculated risks to accomplish goals. Persistent and results-oriented.

Strategic Thinking: Develops strategies to achieve organizational goals; understands the organization's strengths and weaknesses; analyzes market and competition; identifies external threats and opportunities; adapts strategy to changing conditions.

Physical Demands - The physical demands described here represent those that an employee must meet to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. While performing the duties of this job, the employee is regularly required to sit for a long time. The employee must frequently use hands to finger, handle, feel, and talk or hear. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 20 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Work Environment: The noise level in the work environment is usually moderate.


Tags: Audits CMMC Compliance Computer Science Firewalls Forensics Incident response Intrusion detection ISO 27000 NIST Risk assessment Risk management RMF SIEM SSO Strategy

Perks/benefits: Career development Team events

Region: North America
Country: United States
