Cybersecurity Risk and Compliance Analyst

Company: Marvell
Location: Austin, TX, USA, Santa Clara, CA, USA
Salary: $100840 – $151000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • 5+ years of experience in cybersecurity and IT, pen testing, red teaming, and/or risk management.
  • Relevant certifications (e.g., CISSP, CISM, CRISC).
  • Strong understanding of cybersecurity frameworks and standards.
  • Excellent leadership, communication, and project management skills.

Responsibilities

  • Coordinate and support penetration testing and red teaming exercises.
  • Collaborate with internal and external teams to scope, plan, and execute tests.
  • Analyze findings from tests and work with relevant teams to prioritize and track remediation of findings.
  • Track and follow up on remediation actions resulting from pen tests, red teaming exercises, and other security assessments.
  • Ensure timely closure of findings and document remediation efforts.
  • Provide regular updates to management on the status of remediation activities, with timely escalations on any potential delays.
  • Manage and maintain the Information Security Management System (ISMS), security policy and process documents, in accordance with ISO 27001 and other relevant standards and requirements.
  • Conduct regular reviews and updates of ISMS policies, procedures, and controls.
  • Oversee the exceptions management process, including the review and approval of security exceptions.
  • Ensure that exceptions are documented, risk-assessed, and approved by appropriate stakeholders. Perform timely follow-up and escalations.
  • Monitor and track the status of exceptions and ensure they are reviewed as they near expiration to drive appropriate actions.
  • Update and maintain a consolidated controls catalogue across applicable cybersecurity frameworks.
  • Ensure the controls catalogue is current and reflects the latest regulatory and risk landscape, working with control owners to drive changes.
  • Collaborate with key stakeholders to ensure appropriate evidence retention for controls requiring periodic assessments.
  • Engage with the compliance team and control owners to optimize testing procedures used by the compliance team to evaluate the design and operational effectiveness of controls.
  • Work cross-functionally to ensure cybersecurity controls are effectively designed and scoped.
  • Identify design and operational gaps and work with management to drive implementation and remediation efforts.
  • Drive process/compliance owners to update documentation, including policies, processes, and narratives as needed.
  • Engage with the risk management team to drive adjustments of inherent and residual risk calculations based on changes in internal and external environments.
  • Develop and implement a comprehensive cybersecurity awareness program (including awareness training, exercises, corporate events, signage, etc.).
  • Promote a culture of security awareness across the organization.

Preferred Qualifications

  • Experience with cloud security and mobile security technologies.
  • Familiarity with automated risk management solutions.
  • Strong analytical and problem-solving abilities.