Cyber Control Findings Analyst

Cyber Control Findings Analyst

Location: New York, NY

Duration: Long Term Contract

Department: Information Security

Reports To: Cybersecurity Manager

Duration : 6 months with potential to extend full year.

Onsite : 3 days a week Tue, Wed, Thursday

Cyber Control Findings Analyst is responsible for reviewing, monitoring, and resolving security findings within an organization.

Responsibilities:

• Risk and Vulnerability Assessments: Conduct risk and vulnerability assessments, validation testing, compliance reviews, and audits following NIST standards.
• ISO 27001 and SOC 2 Audits: Manage and support SOC 2 and global ISO 27001 audits.
• Promoting ISO 27001 Standards: Encourage widespread implementation of ISO 27001 standards.
• Central Repository for Audit Evidence: Maintain and monitor a central repository for audit evidence.
• Stakeholder Communication: Inform relevant stakeholders about important concerns and hazards.
• Collaboration with Departments: Work with corporate IT, procurement, and privacy departments to align with GRC (Governance, Risk, and Compliance) objectives.
• Stay Updated: Keep up-to-date with industry procedures and methods.

Requirements:

• Bachelors degree in information cybersecurity, risk management, governance, or a related field.
• 5+ years of direct experience in information security, with a focus on risk and compliance.
• Expertise in conducting ISO 27001 and SOC 2 audits and handling audit responses.
• Knowledge of relevant regulatory compliance requirements (ISO 27001, SOC 2, NIST, FedRamp, CMMC, PCI, GDPR, etc.).
• Familiarity with identity management standards, cloud storage, and disaster recovery.
• Proficiency in GRC tools and best practices (e.g., ZenGRC, OneTrust, Archer).
• Strong attention to detail and effective communication skills.
• ISO 27001 Lead Auditor, CISA, CISM, or CISSP certification