Cyber Risk Management Specialist

This position will be on a six month contract.

Control Risks is seeking an experienced and versatile technology professional with proven success working on IT projects from initiation to implementation. We are seeking a technology professional with a hands-on attitude to identify security risks, generate processes and procedures, and execute changes. This candidate will have experience with managing projects in an agile fashion.

The candidate will have a broad understanding and experience in “everything” security as it relates to an enterprise environment. Technical acumen is needed to know how to read and understand various security and technical reports and be able to determine the course of action as well as lead the execution of that course with the security and IT team. This candidate should have the ability to speak in a technical manner as well as be able to have strong communication abilities that transcend the entire organization. The candidate will also understand the different domains in security (Identity and Access Management, Cyber Security Operations, Incident Response, Forensics, Compliance).

Requirements

• Proactively address issues and risks with regards to people, processes, and procedure
• Drive and lead initiatives and improvement programs
• Serve as SME for the area of specialty, and acts in a “hands-on” capacity as needed
• Help define and implement an IT risk management framework
• Evaluate the organization against the risk management framework to identify maturity level and opportunities for improvement.
• Define and implement measurements and reporting of security metrics
• Monitor for policy/standards violations and implement corrective action
• Establish and maintain training and awareness of security policy and new initiatives
• Develop and maintain policy, standard and procedural documentation
• Research, recommend and implement changes to existing policies, standards, and procedures
• Assist in the responses to IT related audits
• Collaborate with peers and stakeholders to identify and define activities that are required to maintain healthy security practices. Align with stakeholders on responsibilities utilizing RACI matrixes.
• Development and maintenance of information security systems, enhancements, and support processes to meet regulatory requirements
• Evaluate risks associated with 3rd party vendors by assessing their cybersecurity maturity
• Utilize experience and knowledge to identify risks
• Maintain the organizational cyber risk register. Define processes to support effective risk management and reporting
• Reviews, documents, and takes action to ensure that electronic, computer and development environments meet security policies and standards
• Identifies, summarizes, reviews, and reports potential/actual actions that may threaten Antares environments
• Assists in third party security audits and works with the proper team to develop mitigation
• Strong teamwork and collaboration focus; look for opportunities to assist other team members on tasks

Benefits

• Bachelor’s Degree in Information Systems, Computer Science or technology related field
• 5+ years’ experience in information technology
• 3+ years’ experience in information security
• Deep understanding of information security domains
• Strong knowledge of Microsoft Azure & O365 platforms
• Ability to create scripts using PowerShell
• Ability to script (in non-PowerShell languages) / code / leverage APIs are a plus
• Excellent interpersonal and written communication skills; strong ability to be an active listener; ability to present complex, technical ideas in a clear and concise manner to non-technical audiences
• Strong negotiation and influencing skills with ability to interact with all levels of management and employees
• Proactive and forward-thinking attitude and creative problem-solving ability
• Ability to work independently with limited supervision
• Knowledge of Security Policy Frameworks such as ISO 27001:2013, NIST 800-53/171 a plus
• Business experience in financial functions such as accounting, lending, securities trading, etc. a plus.