Principal Cybersecurity Risk Analyst

Careers Integrated Resources Inc Newark, NJ (Onsite) Contractor
Job Description

Job Overview

The Principal Cybersecurity Risk Analyst (PCSA) will lead project and technology-based risk assessments within the environment, lead technical and nontechnical third-party risk assessments, and recommend mitigating actions or controls. The PCSA will further identify and convey information security, physical security, business continuity, and IT operational requirements to project teams and the Sourcing department in support of new contracts and ongoing engagements. The primary responsibility of the PCSA is to oversee and monitor mitigation strategies for information security risks.

Major Responsibilities

1. Lead third party vendor risk, project risk, or technology risk assessments. Oversee the assessment of the adequacy of a vendor's security program to Product ***NJ data. Communicate with business and IT regarding security risks and deficiencies.
2. Lead ongoing security assessments to validate appropriate controls are in place. Review Vendor reports to acknowledge findings from the security assessments and document remediation action plans. Ensure proper evidence is gathered to facilitate timely closure of remediation plans.
3. Provide Information Security consulting and subject matter expertise on third party service contracts and/or Sourcing arrangements and internally to junior analysts.
4. Lead the development and improvement of security processes, assist in metrics development, both within the technology and business organizations. Continuously review and improve the TPRM program, with the intention of improving the efficiency of the workflow as well as the quality of metrics development and reporting.
5. Lead cross-functional teams to serve as the facilitator between the Information Cyber Security Office and the broader organization. Act as a security advisor and ensure an ongoing awareness of identified risks.
6. Collaborate with internal ICSO teams to utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed. Conduct technical research to aid in threat assessment.
7. Lead the evaluation and assessment of supplier criticality and review changes in scale and Product of services contracted with supplier for material impact.
8. Actively promote commitment to ***NJ's Information Security, Enterprise Risk Management and Audit initiatives, as well as its culture of compliance.

Internal Relationships:
Legal Affairs, IT Governance, or IT Security Operations
Internal Customers/Users
Internal clients and constituents
External Relationships:
3rd Party Suppliers/Vendors
4th Party Suppliers/Vendors
External Customers
The information above is intended to describe the general nature of the work being performed by each incumbent assigned to this position. This job description is not designed to be an exhaustive list of all responsibilities, duties, and skills required of each incumbent.

Qualifications

Education/Experience

HSD or GED required, Bachelor's degree preferred (or equivalent work experience)
Third party, technology, and project risk assessment experience
Experience with Governance, Risk, and Compliance tools
5 years of experience in Risk Management with advanced understanding of Third-Party Risk Management.
7 years of experience in Information Technology Audit/Information Security
Proficient working knowledge within the following risk domains/technologies:
- Change Management
- IDS/IPS technologies
- Firewall technologies
- Network Architecture
- Vulnerability Management
- System/Access Administration
- Key Management/Tokenization
- Database and application security
- Secure Software/Code Development
- Physical and Environmental Security
- Security Event Logging & Monitoring
- Database/Application/Network Layer Secure Protocols
- Cloud Security
- Identity & Access Management
- Business Continuity and Disaster Recovery Management
- Automation/Artificial Intelligence

Additional Licensing, Certifications, Registrations
CISSP, CISA, CRISC or equivalent

Knowledge:

Requires a solid understanding of IT security concepts with an emphasis on Security and Risk Assessment.
Requires solid knowledge of IT and computer systems.
Requires familiarity with HIPAA security rules and National Institute of Standards and Technology (NIST) standards.
Requires familiarity with Vendor Risk Management.
Familiarity with the ServiceNow tool is suggested.

Skills:
Requires strong analytical thinking skills.
Requires excellent verbal and written communication skills.
Requires excellent interpersonal skills and the ability to work effectively with others as a team.
Requires excellent PC skills and demonstrated proficiency with MS Office Suite.
Requires the ability to handle multiple tasks and prioritize effectively.
Ability to train/mentor incoming team members.

Travel (If Applicable)
Conduct on-site/virtual security assessments to measure the effectiveness of the third parties' current control environment. (Some travel may be required.)

Job Snapshot

Employee Type

Contractor

Location

Newark, NJ (Onsite)

Job Type

Information Technology

Experience

Not Specified

Date Posted

11/13/2025

Job ID

25-65778
