NYC IT Inc
Cybersecurity Risk Analyst
Full Time • New York
SCOPE OF SERVICES
TASKS:
· Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;
· Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise;
· Work with stakeholders across various divisions, soliciting input and working through feedback;
· Evaluate risk of third parties used by New York City agencies;
· Document and track remediation of risks in the Risk Register;
· Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies;
· Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines;
· Initiate corrective actions to remediate vulnerabilities or weaknesses where necessary;
· Engage in communications with NYC Agencies;
· Handle special projects and initiatives as assigned.
MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have the mandatory skills will not be considered
· A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.
DESIRABLE SKILLS/EXPERIENCE:
· BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.
· One or more of the following certifications are a plus:
o Certified Information Systems Auditor (CISA)
o Certified Information Systems Security Professional (CISSP)
o Certified in Risk and Information Systems Control (CRISC)
o Certified Information Security Manager (CISM)
o CompTIA Security+
o CompTIA Network+
o CompTIA A+
o CompTIA CySA+
o Cisco Certified Network Associate - CCNA
o CEH: Certified Ethical Hacker
o GIAC Information Security Fundamentals (GISF)
o GIAC Security Essentials (GSEC)
o (ISC)2 Systems Security Certified Practitioner (SSCP)
· Ability to work effectively in a team environment.
· Being highly organized, motivated and a self-directed professional.
· Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.
· Understanding of commonly used computer operating systems, databases, network structures.
· Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
· Investigative and analytical skills.
· Excellent oral and written communication skills;
· Knowledge of the current and evolving cyber threat landscape;
· Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;
Compensation: $55.00 - $60.00 per hour