We are looking for a Senior Cyber Security Risk Associate to join our rapidly growing IT Risk and Compliance team, as part of the Office of the CISO. Reporting to the IT Risk and Compliance Manager, The Senior Cyber Security Risk Associate will work alongside the IT infrastructure and security teams in driving Alcority's Cyber Security Risk Management program in identifying, assessing and managing the risks to Alcority and Enterprise Company assets. The ideal candidate for this position is a self-starter, problem solver, and integrator of people and processes, as well as an effective internal consultant. The candidate will directly contribute to and/or manage data-driven, quantified information security risk analysis efforts. The Senior Cyber Security Risk Associate is supported by the security operations teams and enterprise company security teams based in Dallas, New York, and the UK. Principle Functional Responsibilities Identify enterprise level security risks and report status to executive management on periodic basis (i.e. monthly, quarterly and etc.). Aggregate and track security risks across various business units, security domains and asset categories. Perform quantitative risk assessments/analysis on various security related issues and develop actionable reports to be distributed to stakeholders. Support the development and management of Alcority’s Enterprise Cyber Risk Register. Establish a process to quantify residual risk when deviations from established baseline set of security controls occur. Continually improve risk assessment programs and questionnaires to aid in the identification and mitigation of security risks. Maintain and manage the established risk management framework to stay aligned with quantification principles and be closely tied to leading industry frameworks. Assess and recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment. Play key supporting role in various security Governance, Risk and Compliance initiatives (i.e. policy & standards development, GRC tooling discussions and planning, and strategic enterprise initiatives). Drive oversight and monitoring of risk mitigation and coordination of policy and controls with the Risk Management function to ensure that other stakeholders are taking effective remediation steps. Lead and manage Security Training and Awareness program that leverages tools to support phishing simulation (testing) as well as annual required cybersecurity trainings. Training - Plan, design, and launch annual cybersecurity trainings and remedial trainings for phishing failures Testing - Launch and coordinate phishing simulations and testing to baseline the efficacy of our Security Awareness program Communications - Coordinate monthly cybersecurity newsletters and quarterly Lunch & Learn events Contribute to process improvement activities, participating in information security assessment special projects and other assessment related activities. Aid the Third-Party Risk team with Third-Party and vendor security reviews Prepare cybersecurity updates, metrics, and materials for the Alcority Leadership Team meetings in coordination with our CISO Required Education, Experience, & Skills Bachelor’s degree in Computer Science, Information Security, Risk Management, or related field (or appropriate experience). 7 to 10 years of experience in Information Security roles (i.e. security assessments/analysis, risk management, compliance) Working knowledge of Cybersecurity Risk Management frameworks (i.e. FAIR, ISO27005, etc.). Working knowledge and understanding of information security frameworks/standards (e.g., ISO27001, NIST, COBIT, PCI, etc.) Must possess excellent oral and written communication skills and the ability to communicate in both technical and business terms. Ability to simultaneously handle multiple projects, adjust to changing priorities while multitasking effectively. Critical thinker, self-directed with proven ability to collaborate and influence change Must possess the ability to develop presentations and deliver them to senior management Preferred Experience, Education, and Skills Experience in performing quantitative risk analysis assessments. Professional certifications in Information Security, Risk Management and/or Compliance preferred (e.g., Security , CISSP, CISA, CISM, CRISC, etc.). Passion for technology, with demonstrated ability to single-handedly uncover root causes of complex technical problems and directly provide guidance and assistance on solving them Experience working with compliance or privacy frameworks, i.e., PCI DSS, HIPAA, HITRUST, SOC 1/SOC 2, GDPR It is impossible to list every requirement for, or responsibility of, any position. Similarly, we cannot identify all the skills a position may require since job responsibilities and the Company’s needs may change over time. Therefore, the above job description is not comprehensive or exhaustive. The Company reserves the right to adjust, add to or eliminate any aspect of the above description. The Company also retains the right to require all employees to undertake additional or different job responsibilities when necessary to meet business needs. Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future. Benefits & Perks: Time Off: 25 days of PTO for full-time employees and 12 company holidays. Company Paid Benefits: Life insurance, Short-term disability, Long-term disability, Paid parental leave, Employee Assistance Program, and medical insurance in our high deductible health plan. Optional Employee Paid Benefits: Medical insurance in our EPO plan, Dental benefits, and Vision benefits. We also offer Health Savings Accounts, Flexible Spending Accounts, Supplemental Life insurance, and more. 401(k): Eligible after 60 days. Discretionary company match of 50% up to the first 6% of contributions. EQUAL OPPORTUNITY EMPLOYER ALCORITY IS AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER. THE COMPANY'S POLICY IS NOT TO DISCRIMINATE AGAINST ANY APPLICANT OR EMPLOYEE BASED ON RACE, COLOR, RELIGION, NATIONAL ORIGIN, GENDER, AGE, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, MARITAL STATUS, MENTAL OR PHYSICAL DISABILITY, AND GENETIC INFORMATION, OR ANY OTHER BASIS PROTECTED BY APPLICABLE LAW. THE FIRM ALSO PROHIBITS HARASSMENT OF APPLICANTS OR EMPLOYEES BASED ON ANY OF THESE PROTECTED CATEGORIES. We enable our customers to rapidly modernize and scale their businesses, creating unique opportunities for our people to realize their own potential. Our simple foundational values, shared by everyone in the company, are three-fold. We’re results-driven, always focused on making a tangible difference for our customers. We believe in building long-term relationships with those who rely on our know-how and expertise. And we’re humble about our own achievements, because we only succeed when our customers do. We’re open You’ll find us welcoming, helpful and approachable. We listen and trust each other to build strong relationships with our colleagues, customers and partners. We’re irrepressible There’s a constant buzz of energy and enthusiasm for what we do. The spirit of, and passion for, entrepreneurship runs deeply through our organization. We’re aware We are always keeping on emerging practices and technologies in the market, while also investing in deepening our understanding of our customers’ businesses and unique challenges We have integrity We bring our real selves to work, respect each other and put the team first. Everything we do is considered and for the benefit of the companies we support.