Senior Cybersecurity Risk Analyst Salisbury, Salisbury, MD, US
We are seeking a Sr. Cybersecurity Risk Analyst to join our Information Security team. This position will actively contribute to the on-going maturation of the company's information security program through executing security assessments, guiding secure technology implementations, and mitigating cyber risk. The ideal candidate will have a technical or cybersecurity background (e.g. security operations, security engineering) that can effectively lead and advise on cybersecurity implementation, assessments, and cyber risk reduction strategies for IT and business initiatives.
Principal and Essential Duties & Responsibilities
- Create and maintain partnering relationships with business leaders and managers to advise on cybersecurity requirements for project implementation and execution.
- Manage and guide IT and business areas on technical remediation stemming from vulnerability assessments, pen tests, application security assessments, audits, etc., providing prioritized remediation plans.
- Provide input into cybersecurity strategies and plans based on evolving technology risk and business initiatives stemming from security assessments and industry requirements.
- Lead cybersecurity projects for identifying and mitigating risk (maturity assessment, cyber controls assessment, PCI-DSS, HIPAA, etc.) as needed.
- Review and assess the security of third-party solutions and supplier integrations; recommend appropriate security controls and contractual language.
- Track, measure, validate, and report on risk identification, acceptances, and remediation efforts.
- Maintain information security policies and standards to support the on-going protection and security requirements for the organization.
- Support CSIRT and cybersecurity operations teams during tabletop exercises, incident response, legal requests, and internal investigations as needed, based on aligned business/IT areas.
- Bachelor's degree in Information Systems, Cyber Security, Computer Science or a related discipline is preferred; however, equivalent years of experience may be considered in lieu of educational requirements.
- A minimum of seven (7) years of Information Technology experience, with at least three (3) years within Information Security.
- Previous experience in one of the following domains: cybersecurity operations, architecture, or engineering.
- Experience engaging vendors and consultants to execute cyber assessments.
- Working knowledge of industry control frameworks and standards: NIST CSF, CIS, OWASP, and MITRE ATT&CK.
- Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, incident management, vulnerability management, and data protection.
- Understanding of cyber security threat modeling, risk management concepts, cyber security frameworks, secure coding principles, and security technologies.
- Professional certifications such as CISSP, CISM, CRISC, GSEC, GCIH, Security+, etc.
- Prior experience working in manufacturing, retail, medical, energy, finance, food, consumer goods or pharmaceutical industries.
- Experience with one or more of the following industry regulations: PCI-DSS, HIPAA, DHS-CFATS.
- Excellent interpersonal skills, self-confident, motivated, and capable of working with limited supervision.
- Team-oriented, with proven skills in clearly guiding and motivating others, without direct management authority, to successfully mitigate risk within required timelines.
- Able to discuss issues at technical and business levels with audiences of various backgrounds.
- Strong desire and aptitude for continuous learning and keeping abreast of new and emerging technology.