This role is Contract to Hire!
Only candidates from a financial services industry background are needed!
Job Summary/Basic Function
Cybersecurity & Technology Risk Management Compliance Analyst ensures our financial services client is complying with several cybersecurity regulatory requirements, cybersecurity industry standards, frameworks, and best practices. Additional staffing is required to assist with the identification, development, and ongoing mapping of internal cybersecurity and technology policies, procedures, and controls that demonstrate compliance with cybersecurity regulatory requirements, as well as work with stakeholders to address gaps and inconsistencies. This function provides transparency into the cybersecurity laws and regulations that govern our client's policies and facilitates the mapping of those requirements to controls. In addition, the function monitors and organizes existing controls and their alignment in the enterprise GRC tool. The ideal candidate has done related work for at least five years and has a thorough knowledge of technology controls (IT and cyber), including how they are executed in today’s IT threat landscape. The incumbent should have a strong understanding of testing cyber security methodologies, frameworks, and regulations in the financial services sector.
Principal Responsibilities:
• Perform mapping of regulatory requirements to policies, procedures, industry standards, frameworks, and existing controls
• Review policies and procedures that demonstrate compliance with regulatory requirements and work to address gaps and inconsistencies.
• Continue to develop and maintain a comprehensive library of applicable cybersecurity laws and regulations, as well as requirements and resulting controls.
• Monitor regulatory trends, guidance, and new regulations that impact cybersecurity and require enhancements to the existing control framework.
• Prepare reports on the status of the program to appropriate governance structure(s) and senior management.
• Support the facilitation of impact assessments to evaluate new or changing regulations and readiness for compliance.
• Evaluate new initiatives and business ventures to identify and evaluate compliance requirements and readiness.
• Develop action plans for developing and enhancing cybersecurity controls and provide ongoing support and monitoring of their implementation.
• Evaluate policies and procedures to identify and address any compliance gaps or inconsistencies within the control framework and alignment with applicable regulations.
• Understand cyber and IT best practices, including knowledge of frameworks, guidelines, and regulations (i.e., NIST Cybersecurity Framework, FFIEC, NYSDFS)
• Ensure cybersecurity and technology risk management meets all industry regulations, standards, and compliance requirements.
Qualifications
• 5+ years’ experience; prior experience in risk management, legal, compliance, or auditing preferred
• Bachelor's degree preferred; advanced degree and/or certification a plus
• College Degree in Business Management / Computer Science [or related field preferred]
• CISA, CISM, CISSP, CRISC or equivalent certification
Specific Qualifications
• Proficient in PowerPoint, Excel, and Word
• Knowledge of financial services laws and regulations, particularly in the securities markets
• Experience working at or with financial services regulators (e.g. SEC, FRB, NYSDFS, CFTC, ESMA, etc.) is highly desirable
• Previous audit experience preferred.
• Familiarity with ISO/IEC 27001/27002:2013, the NIST Cybersecurity Framework, NIST Special Publication (SP) 800-53, or other cyber, technology, or financial services guidelines, frameworks, and regulations is required.
• Expert writing skills to support thorough documentation and communication of information security principles.
• Intermediate-level experience with Microsoft Excel. Has the ability to create metrics
• Understand the concepts of information technology risk and the different elements required to mitigate risk.
• Knowledge of basic compliance principles and standards, including industry best practices and compliance controls
• Proven knowledge of technical infrastructure, networks, databases, and systems and how they affect an organization's cybersecurity and technology risk
• Ability to work efficiently and independently with minimal supervision (i.e., self-motivated, proactive, and willing to stretch to meet important deadlines).