Our Client, a Global Investment Bank, is seeking a Cyber Security Consultant in their New York, NY location.
Responsibilities:
- Perform detailed cybersecurity risk assessments for applications, ensuring alignment with Governance, Risk, and Compliance (GRC) frameworks.
- Recommend and evaluate security controls across various domains, including IAM, endpoint security, network security, application security, cloud security, vulnerability management, configuration management, and DLP controls.
- Review and provide advisory on security architecture design documents to ensure compliance with organizational and regulatory standards.
- Assess and document compliance with bank security policies, procedures, and controls while identifying gaps and providing actionable recommendations to stakeholders.
- Support GRC initiatives by aligning risk assessments with enterprise risk management and regulatory compliance requirements.
- Collaborate effectively with team members while being able to work independently on most projects.
- Evaluate and validate evidence (e.g., policies, reports, and procedures) regarding security controls, testing, and GRC metrics.
- Communicate identified risks, including their business impact, to stakeholders and provide recommendations for mitigation strategies.
- Prepare and present risk assessment findings and GRC reports to management and relevant committees.
- Conduct and document third-party vendor security risk assessments, ensuring alignment with GRC frameworks, and work with relationship managers to address critical and high-risk issues.
- Ensure compliance with enterprise policies, procedures, and applicable regulatory requirements.
- Support GRC reporting processes, including the creation of dashboards and key performance indicators (KPIs).
Must-Have Skills/Requirements:
- Cybersecurity and GRC Experience: 5–8 years of IT security analysis experience, with hands-on involvement in GRC frameworks and tools.
- Threat and Risk Assessment Expertise: Proven experience conducting cybersecurity threat and risk assessments, incorporating GRC principles, with at least one project within the past 3 years.
Technical Knowledge:
- Strong understanding of security controls and mechanisms across IT environments.
- Experience with GRC tools and platforms to document and manage risks, policies, and compliance activities.
- Familiarity with regulatory requirements, such as GDPR, CCPA, PCI DSS, and SOX.
- MS Office Proficiency: Advanced knowledge of MS Office, with a strong preference for extensive MS Excel experience (e.g., pivot tables, macros).
Key Skills:
- Expertise in cybersecurity control testing and GRC integration.
- Familiarity with cybersecurity audit and risk management methodologies.
- Strong communication skills to translate technical findings into business impacts.
- Ability to prioritize assessments, manage tasks independently, and provide proactive updates to management.
- Detail-oriented, resourceful, and team-oriented with a professional attitude.
Nice-to-Have Skills:
- Experience in financial services, with a focus on regulatory compliance and GRC integration.
- Proficiency in advanced MS Excel functions and reporting.
Educational Qualifications:
- Bachelor’s or Master’s degree in IT, Cybersecurity, or a related field (preferred).
- CISSP certification (ISC2 Associate or fully certified) is required.
- Certifications related to GRC (e.g., CRISC, CISA, or CGEIT) are highly desirable.