Job description

Job Description
We are seeking a skilled and experienced cross-functional Governance, Risk, and Compliance consultant that can work with IT Compliance and IT Risk on assessments, testing, reporting, and risk analysis within the Information Security Program.

Key Responsibilities:
Assessments: Perform Risk Assessments to ensure proper design and associated risks (inherent and residual) for systems, environments, and domains analyzed.
Ability or understanding to gather information to determine threat event frequencies, loss event frequencies, susceptibility, and impact.

Testing: Ability to test the design and operating effectiveness of quarterly/re-occurring IT controls that support our regulatory assessment programs (SOX, NYDFS, etc.).
Ability to determine proper design of processes and ineffective processes and key elements of an effective process design.
Understanding of key control points and able to perform walkthroughs and/or review of evidence to determine operating effectiveness.

Risk Identification and Mitigation: Collaborate with cross-functional teams to identify emerging risks, assess their potential impact on the organization, and develop mitigation strategies.

Reporting: Ability to contribute towards creating reports for different audiences for IT and non-IT stakeholders (senior management, executive leadership, system owners, and relevant stakeholders) to facilitate decision-making and drive continuous improvement efforts.

Preferred Qualifications:

Experience with conducting IT/Cybersecurity audits, risk assessments, privacy assessments.
Familiarity with CMMI, FAIR, NIST CSF, ISO-27001, CSC 18, and Privacy regulations.
Experience with providing remediation recommendations for issues/findings.
Experience with GRC tools (such as Archer, ServiceNow, etc.) and project management tools (Jira).
Ability to lead walkthroughs and assessments with minimal oversight.
Highly effective communication skills for management and sr. leadership