Bachelor's degree in information assurance, computer science, engineering or related technical field preferred.
3-5+ years of experience in cybersecurity, information technology or risk management.
Familiarity with security frameworks such as NIST 800-53 and regulatory requirements like PCI, HIPAA, and GDPR.
Strong written and oral communication skills, with the ability to interact across varying levels of the organization.
Key responsibilities:
Assess cybersecurity and technology risk against established frameworks and standards.
Develop, review, and recommend controls and best practices to mitigate risks.
Document deficiencies and advocate for changes to improve security posture.
Create and present risk posture discovery and recommendation reports to leadership.
Eclaro is an award-winning professional services firm headquartered in New York City and operating in the U.S., Canada and the Philippines. We deliver best-in-class talent solutions through strategic staffing, custom outsourcing & offshoring, and permanent placement for global clients ranging from innovative start-ups to Fortune 50 companies. Every client experience is bespoke, never one size fits all.
Our passion is building long-term relationships, collaborating on creative solutions and solving unique challenges by providing the right people with the right expertise for every business. Giving back to our communities, supporting our employees and serving our clients are the inspiration for our philosophy: the Right People are the Answer.
Strategic Staffing and Permanent Placement: Eclaro recruits and manages highly skilled technical and business professionals, allowing our clients to supplement their internal capabilities and staff. We offer recruiting for permanent placement as well as retained search of professionals and executives, delivering a superior selection of candidates to meet client needs.
Custom Outsourcing & Offshoring: Through our four global delivery centers in Metro Manila in the Philippines, Eclaro provides dedicated IT and business professionals for myriad industries. Our customized engagement model enables our clients to boost productivity with superior talent and lower costs while maintaining operational control.
Honors & Awards Include:
Best of Staffing Talent and Client - 2022 (ClearlyRated)
Global Impact Sourcing Award - 2021 (IAOP and Rockefeller Foundation)
2022 Global Outsourcing 100 List (IAOP and FORTUNE)
Top 10 BPO (Outsource Accelerator)
For more information, visit eclaro.com and find out why the Right People are the Answer.
Interested in joining our incredible team? Eclaro's current openings can be found at eclaro.com.
Ready for a rewarding opportunity in the Financial Services Industry? ECLARO is looking for a Cybersecurity Risk Assessor for our client in Canton, MA.
ECLARO's client is a market-leading insurance company, providing property, casualty, and specialty insurance services within the United States. If you’re up to the challenge, then take a chance at this rewarding opportunity!
Position Overview:
The cybersecurity risk assessor is a subject matter expert (SME) who works as part of a team to assess cybersecurity and technology risk against established frameworks, standards, policies and methodologies.
As a risk assessment SME, the individual develops, reviews and recommends controls and best practices, and continually evaluates risk exposure and tolerance as defined by business leaders and external entities.
The role also reviews and documents deficiencies, advocates for change, and when appropriate, escalates issues to senior risk leadership.
Cybersecurity risk assessors report continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business.
Such reporting includes adherence to regulations and industry guidelines, as well as corporate risk acceptance.
The cybersecurity risk assessor analyzes risk and develops policy, process and procedures in the following areas: third-party risk, risks within internal and business-controlled areas of security, technology risk and business process risk.
Cybersecurity risk assessors partner with audit, compliance and legal as needed.
The ideal consultant is business-minded, with 3-5 years of experience in technology and security administration, or security risk management.
Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.
Pay Rate: $70.00/Hour
Responsibilities:
Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate, as well as areas requiring improvement and where risk is too high.
Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks and technical controls.
Work closely with risk management and security leadership, teammates and stakeholders to evaluate and recommend models aligning with organizational risk posture.
Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks.
Document, formulate and enforce security improvements that balance risk with business operations, and do not diminish efficiencies or innovation.
Support company risk posture through development of controls and processes used in test, quality assurance and production environments from conception to completion.
Analyze workflows, design documents and procedures to identify gaps in risk posture and risk acceptability based on controls.
Create and present risk posture discovery and recommendation reports to risk management leadership.
Review technical reports from vulnerability and penetration testing assessments, and results from tabletop exercises.
Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings and security gaps.
Remain educated on regulatory requirements, internal policies and industry best practices.
Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and risk in mind.
Openly support the organization, the management team and executive leadership team, even during times of adversity.
Review the current cybersecurity policy program and update it to the latest version of the NIST Cybersecurity Framework.
Perform other duties as assigned.
Required Qualifications:
Preferably 3-5+ years' experience in security systems administration, with 4+ years' risk management experience.
At least 2 to 4 years' experience with various security frameworks including NIST 800-53 cybersecurity framework.
Good knowledge of regulatory requirements and laws such as, but not limited to, PCI, FFIEC, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, and GLBA. Additionally, experience with ITIL.
Familiarity with NYDFS 23 NYCRR 500.
Administration and/or familiarity with network and host configurations, application security, cloud services, third-party risk management and role-based access.
Understanding of vulnerability and configuration management, and familiarity with a variety of technologies and applications.
Preferred experience with cloud environments such as Microsoft Azure.
Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
Strong written and oral communication skills across varying levels of the organization.
Understanding of service design, delivery concepts and control frameworks.
Organized, with the ability to prioritize and complete tasks within defined SLAs.
Excellent judgment and the ability to make quick decisions when working with complex situations.
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
Education Requirements: Bachelor's degree in information assurance, computer science, engineering or related technical field preferred.
Experience Requirements: 3-5+ years of cybersecurity, information technology or risk management practitioner experience.
Certification Requirements: Preferred but not required, one or more of the following: CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP.
If hired, you will enjoy the following ECLARO Benefits:
401k Retirement Savings Plan administered by Merrill Lynch
Commuter Check Pretax Commuter Benefits
Eligibility to purchase Medical, Dental & Vision Insurance through ECLARO
Equal Opportunity Employer: ECLARO values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status, in compliance with all applicable laws.