Description of Position:
As the Cybersecurity Governance Analyst working with the Cybersecurity Strategy & Governance (CSG) team, you are an innovative, results-oriented professional responsible for enhancing/maintaining a comprehensive governance, cybersecurity risk, and compliance management program. You can assess and translate cybersecurity risk management, regulatory and compliance requirements into a coordinated controls framework that can be efficiently adopted by EIS, business and technology teams. You possess excellent communication skills and have past success interacting with executive leadership, internal stakeholders, and internal/external audit. You can analyze, understand, communicate, and document current practices while driving maturity and proactive risk management in a dynamic environment.
You will serve as a key contributor within the EIS department and partner with internal cybersecurity teams, business stakeholders, audit, and technology teams to assist in the development and execution of a comprehensive cybersecurity program. You will be interacting with senior leaders in technology and risk management to drive integration and efficiency in a highly visible role.
Tasks and Responsibilities:
This role requires a dynamic personality that can work successfully in a diverse environment, drive clarity, and reduce ambiguity. The ideal candidate demonstrates a unique blend of technical, business development and project management skills including the ability to think strategically, simultaneously planning and implementing key projects.
Required Skills, Abilities, and Certifications
- Project Management – Responsible for the development, collaborative execution, and reporting of cross-functional, multi-disciplinary projects and programs. This includes engaging senior and executive leadership to understand strategic objectives, designing solutions, driving results, and reporting on status and risks.
- Information Risk Management – Collaborate with EIS and Enterprise Risk Management teams to measure risk, provide oversight of root cause and remediation activities, and assist EIS management with formal ongoing program monitoring and continuous improvement.
- Process enhancement – Enhance the EIS processes to integrate and automate within the GRC tool, leveraging that tool to design and provide effective reporting.
- Governance – Drive the continued implementation of the NIST-CSF framework. Develop and implement governance and risk reporting frameworks while evolving Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to assure effectiveness and compliance across processes and process owners. Collaborate with formal document owners to align with established cybersecurity frameworks.
- Regulatory Compliance – Oversee the formal measurement and evaluation of the organization’s maturity using the FFIEC Cyber Assessment Tool (CAT). Maintain results in the GRC platform to provide point-in-time assessment results.
Let’s talk about you:
- Education, Training, and Work Experiences.
- Bachelor’s degree preferred, or an equivalent combination of education and experience.
- 4+ years of work experience in governing, measuring, and managing risk. Experience in consulting, banking, cybersecurity, and/or financial services regulations preferred.
- Experience working with GRC platforms (Allgress, RSA-Archer, Metricstream, etc.) to analyze risks, automate tasks, and develop reporting.
- Relevant professional certifications in project management and cybersecurity are strongly desired (PMP, CISA, CISM, CRISC, etc.).
- Proven record of delivering the full life cycle of programs and initiatives from design through delivery and optimization in organizations of similar size and complexity.
- Computer skills, with in-depth knowledge of Microsoft Office (Word, Outlook, PowerPoint and Excel).
- Domain and Industry Expertise
- Understanding of relevant governance and control assessment frameworks and/or standards (e.g., NIST-CSF, FFIEC CAT, ISO 27000 Series, COBIT, COSO, SOC 1/2, FAIR, PCI-DSS, etc.) is preferred.
- Strong understanding of financial services regulations and guidance including GLBA, the Interagency Guidelines Establishing Information Security Standards, and other state/federal confidentiality, privacy, and breach notification laws.
- Communication and Leadership
- Exceptional communication skills, including the ability to gather relevant information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.
- Strong leadership capabilities, including ability to connect problem statements and identify common solutions, demonstrated experience bringing ideas from concept to execution, building productive, collaborative relationships with other functions.
- Effective interpersonal, communication and leadership skills to influence operational changes, drive collaboration and maximize adoption of new ideas, tools and practices. Confident presentation and facilitation skills and good interpersonal and leadership skills to facilitate working with senior management at all levels.
- Ability to communicate effectively with senior/executive management, business leaders, IT, Information Security, Audit, Compliance, Privacy, and attorneys within the organization.
- High level of professionalism, self-motivation and a strong sense of urgency, strong customer-focus, with the ability to manage expectations appropriately, provide a superior user experience and build long-term relationships.
- Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Strong organizational, project management, and multi-tasking skills with a successful track record of managing expectations, delivering results, and meeting milestones and deadlines.
Do you:
- lead by example?
- enjoy collaborating with and influencing others to achieve the right outcomes?
- love securing information assets from malicious users?
- want to work on implementing leading-edge solutions to enterprise challenges?
- demonstrate persistence in reaching goals in the face of adversity?
- function as a team player who isn’t afraid to challenge the status quo?
- want to work on a team where your input matters?
- think in terms of confidentiality, integrity, and availability?
- excel in learning things quickly and thoroughly?
- enjoy sharing your hard-earned knowledge to help others grow and make a real difference?
- transform ambiguity into focused, productive, impactful outcomes?
- love to get things done, the right way, the first time?
If you think systematically, achieve purposefully, speak diplomatically, and act with integrity, the EIS department can’t wait to hear from you!!