Cyber Risk Analyst (BC)
Edison, NJ - Information Technology - Hybrid - Full time
Date Posted: 12/5/2023
MAJOR RESPONSIBILITIES/ESSENTIAL FUNCTIONS:
Provides expertise in security functions to assist relevant teams with the development and implementation of standards, policies, and controls.
Updates, creates, and maintains policies, procedures, and standards; facilitates the approval process.
Tracks waivers and postponements for policies, procedures, and standards.
Tracks exceptions provided by personnel to ensure compliance.
Develops remediation plans with teams to close gaps in compliance and conducts periodic checks of remediation tracking.
Reviews and assesses business units for compliance with developed controls, standards, policies, and baselines.
Develops information security communications, including the communication of security action plans to the organization.
Communicates compliance regulations and provides guidance on the interpretation of security regulatory requirements.
Assists with the development, maintenance, and publishing of relevant governance materials (policies, standards, etc.) to promote and enforce compliance.
Responsible for facilitating, planning, and developing training, and for training personnel and sites in scope for regulatory requirements.
Coordinates with internal and external audit, legal, compliance, subject matter experts, and cybersecurity to respond to and support regulatory requests.
Develops metrics for reporting compliance progress to leadership, boards, and regulatory bodies.
Evaluates and assesses OT third-party vendors and their products to ensure compliance with cybersecurity requirements.
Associate's degree in Computer Science, Information Security, Information Technology, or a related field.
Must have 3 years of experience with information security, IT audit, and/or information risk management.
Experience designing secure networks, systems, and application architectures for OT environments preferred.
Experience with common security standards and compliance requirements including, but not limited to, ISO 27001, ISA 62443, NIST CSF / 800-53, and NERC CIP preferred.
Excellent communication skills, with an ability to tailor and engage communication across all levels of the organization.
Knowledge and understanding of the design of operational technology systems.
Certified Information Systems Security Professional (CISSP) preferred.
Certified Information Systems Auditor (CISA) preferred.
Ability to travel to training, conferences, and remote site visits.
Please contact Brian Clark at firstname.lastname@example.org