We are seeking a skilled and experienced cross-functional Governance, Risk, and Compliance consultant who can work with IT Compliance and IT Risk on assessments, testing, reporting, and risk analysis within the Information Security Program.
Responsibilities
- Perform risk assessments to ensure proper design and identify associated risks (inherent and residual) for the systems, environments, and domains analyzed.
- Ability to gather, or understanding of how to gather, information to determine threat event frequencies, loss event frequencies, susceptibility, and impact.
- Evaluate the design and operating effectiveness of quarterly/recurring IT controls that support our regulatory assessment programs (SOX, NYDFS, etc.).
- Collaborate with cross-functional teams to identify emerging risks, assess their potential impact on the organization, and develop mitigation strategies.
Requirements
- Bachelor's degree in Computer Science, Information Technology, or related field
- Experience with conducting IT/Cybersecurity audits, risk assessments, and privacy assessments.
- Familiarity with CMMI, FAIR, NIST CSF, ISO-27001, CSC 18, and privacy regulations.
- Experience with providing remediation recommendations for issues/findings.
- Experience with GRC tools (such as Archer, ServiceNow, etc.) and project management tools (Jira).
- Good understanding of key control points and the ability to perform walkthroughs and/or review evidence to determine operating effectiveness.