Cybersecurity Risk and Compliance Senior Analyst
Indexed description
Qualifications:
- 3-7 years of experience in cybersecurity audits, threat and risk assessments (TRA), security risk management, and assessments of organizations, third-party environments, or technology solutions.
- Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, NIST 800-30, NIST AI RMF, ISO 27001, SOC 2, PCI DSS, CIS Controls, OWASP LLM/GenAI guidance, etc.).
- Hands-on experience with security risk assessment tools and methodologies.
- Understanding of security operations, threat intelligence, and incident response.
- Proficiency in network security, cloud security (AWS, Azure, GCP), application security, data security, and third-party/vendor risk considerations.
- Experience assessing enterprise applications, cloud services, integrations/APIs, vendor platforms, and AI-enabled or generative AI solutions is preferred.
- Certifications preferred:
o CISA (Certified Information Systems Auditor)
o CISSP (Certified Information Systems Security Professional)
o CRISC (Certified in Risk and Information Systems Control)
Responsibilities:
- Conduct cybersecurity risk assessments, threat and vulnerability assessments, and compliance reviews across organizations, technology environments, and digital solutions.
- Assess security risks across enterprise applications, cloud platforms, APIs/integration environments, third-party solutions, and AI-enabled or generative AI technologies.
- Evaluate cybersecurity controls, policies, governance practices, and technical safeguards against industry frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, and OWASP guidance.
- Identify cyber threats, attack vectors, and control gaps while providing practical recommendations to strengthen security posture and resilience.
- Review security architecture and technical controls including access management, data protection, encryption, cloud security, application security, and vendor risk management.
- Develop comprehensive risk assessment reports, documentation, and executive summaries; communicate findings and recommendations to technical teams and senior stakeholders.
- Collaborate with business and technology teams to align cybersecurity strategies with organizational objectives and risk management goals.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search