Cyber Security Analyst

Our client has an immediate need for a full-time Cyber Security Analyst to join the Office of the CIO team.

Location: The role will be 100% remote while COVID-19 travel/social distancing restrictions are in place. Once those restrictions are lifted, onsite requirements will be reassessed at that time.

Term: October 12, 2020 to October 12, 2021 with possible extension

Role Responsibilities: Leading the implementation and maintenance of drafted cyber security standards based on NIST 800-53, ITSG-33, and best practices. This includes creating controls, updating security standards, consulting with product teams and stakeholders on controls for both on-premise and cloud environments. The incumbent will maintain a central mapping of controls to security frameworks such as NIST 800-53 and ITSG-33. The role may also involve vendor security reviews, including reviewing security provisions within contracts and follow-up activities. Additionally, providing general security consultation across the organization as needed.

Required Skills:

• Thorough knowledge of security and information risk management processes
• Lead development, implementation, and maintenance of information risk and cyber security policies and standards
• In-depth knowledge of cloud deployment models, security responsibilities, and cyber security frameworks (e.g., NIST 800-53, ISO 27001:2013, ITSG 33)
• Experience mapping security controls across various frameworks
• Extensive experience leading vendor security assessments, including reviewing Security Organization Control reports (SOC 1 and SOC 2) and managing the resolution of identified gaps
• Excellent consulting, facilitation, verbal, written, and listening skills; ability to communicate effectively with internal and external contacts at all levels
• Educational background typically includes an undergraduate degree in Computer Science combined with 7 years of related security experience or an equivalent combination of education and experience.