Job description
The Cyber Risk Operational Assurance team is searching for an innovative, collaborative, relationship-oriented individual who is excited by the concept of leveraging automation to streamline and improve technology and cybersecurity assurance through testing the capabilities of our enterprise Cyber Risk Management program. The person in this role will contribute to the execution of our information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues.
This individual will be focused on supporting our Risk Capabilities Monitoring and Validation (RCMV), both in its delivery and continuous development efforts. This individual will also support manual application requirements and control testing.
How you will make an impact:
This individual will be focused on supporting our Risk Capabilities Monitoring and Validation (RCMV), both in its delivery and continuous development efforts. This individual will also support manual application requirements and control testing.
How you will make an impact:
- Drive innovation through harness the power of data to fundamentally change how Cyber Risk Management control performance is understood and to provide broader risk coverage
- Partner with Cyber Risk Management teams and Technology subject matter experts to determine control tests that assess the effectiveness of Cyber Risk Management capabilities.
- Performs manual application requirements and testing that assess the effectiveness of Cyber Risk Management and Technology capabilities.
- Serve as a cybersecurity subject matter expert, assessing the business impact of cyber capability weaknesses to the enterprise and identifying options and recommendations for mitigating those issues.
- Provide guidance on effectively managing the weaknesses of ineffective capabilities, and influences decision making by educating business stakeholders.
- Work closely with other members of the Cyber Risk Management team to lead changes in the organization's defense posture.
- 6+ years of experience in Information Security or a related field.
- A working understanding of information security technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, SIEM, active adversary deception, and others.
- Knowledge of laws, regulations, and standards, including NIST 800-53, PCI DSS, HIPAA, and others with experience in performing assessments associated with these frameworks.
- Ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Ability to succeed in an environment that values collaboration, predictability, and transparency while championing a culture of experimentation, innovation, and taking measured risks.
- Ability to clearly present complex/security subjects and findings to technical staff and management.
- Exceptional technical writing skills including documentation development, process mapping, and visualization.
- Effective and consistent collaboration through available mediums that enable remote team communication.
- Ability to work effectively in a diverse team and promote team diversity.
