Cyber Security Analyst

Job Title: Sr. Cybersecurity Risk Analyst

Location: Brooklyn, NY

Duration: 24 Months

Responsibilities:

• Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;
• Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise;
• Work with stakeholders across various divisions, soliciting input and working through feedback;
• Evaluate risk of third parties used by New York City agencies;
• Document and track remediation of risks in the Risk Register;
• Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies;
• Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines;
• Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary;
• Engage in communications with NYC Agencies;
• Handle special projects and initiatives as assigned.

Required Sklls:

• A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.

DESIRABLE SKILLS/EXPERIENCE:

• BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.
• One or more of the following certifications are a plus:
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• CompTIA Security
• CompTIA Network
• CompTIA A
• CompTIA CySA
• Cisco Certified Network Associate - CCNA
• CEH: Certified Ethical Hacker
• GIAC Information Security Fundamentals (GISF)
• GIAC Security Essentials (GSEC)
• (ISC)2 Systems Security Certified Practitioner (SSCP)
• Ability to work effectively in a team environment.
• Being highly organized, motivated and a self-directed professional.
• Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.
• Understanding of commonly used computer operating systems, databases, network structures.
• Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
• Investigative and analytical skills.
• Excellent oral and written communication skills;
• Knowledge of the current and evolving cyber threat landscape;
• Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;