Security Business Analyst engaging in requirements gathering, risk assessments, and stakeholder liaison. Supporting measurable security outcomes with comprehensive documentation in a hybrid work setup.
About the role
- Cybersecurity Assessor evaluating enterprise systems for vulnerabilities and compliance. Engaging in assessments and reporting within a hybrid work structure based in Brooklyn Heights, NY.
Responsibilities
- Evaluate enterprise systems, networks, and applications to identify vulnerabilities, assess risks, and ensure compliance
- Interpret federal mandates (NIST SP 800-53/37), evaluate controls, and conduct Security Impact Analyses
- Manage Plan of Action and Milestones (POA&M) documentation
- Conduct security and compliance assessments for internal systems and third-party vendors
- Analyze assessment results, document findings, and support remediation efforts
- Use industry-standard GRC and risk tools for documentation and workflow
- Maintain assessment documentation and contribute to security posture reporting
- Perform daily RMF (Risk Management Framework) lifecycle control assessments
Requirements
- Applicant must be a U.S. citizen residing in the U.S.
- This position requires obtaining a clearance through the Department of Education. Applicants must be willing to undergo a background check as part of the hiring process.
- Education: Bachelor’s degree from an accredited university or 5-7 years of relevant experience.
- Experience: 5+ years in GRC methodologies, security control auditing, third-party risk assessments
- Certifications: (candidates MUST HAVE obtained at least one)
- - CISA (Certified Information Systems Auditor)
- - CRISC
- - CGEIT
- - CISSP
- - CompTIA Security+
- - CCSK (Certificate of Cloud Security Knowledge)
- - CAP/ISC2 CGRC
- Technical Skills:
- - GRC platforms (Archer/ServiceNow)
- - Third-party risk tools (OneTrust/Prevalent)
- - MS Excel (Advanced)
- - MS Power BI
- - MS Visio
- - JIRA
- - Microsoft Office Suite
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Training & Development
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Software Engineer developing engaging gamified learning experiences for cybersecurity awareness. Driving technical leadership and product ownership in a rapidly growing team.
Cyber Security Engineer providing cybersecurity support for SCADA, OT networks and industrial control systems at Vestas. Collaborating with cross - functional teams to ensure secure operations in offshore wind farms.
Senior Consultant in IT Security guiding clients through IT projects and security strategies. Analyzing vulnerabilities and leading project tasks while ensuring quality and timely delivery.
AI Security Engineer securing AI - driven applications at a rapidly expanding tech company. Focus on mitigating risks across the AI lifecycle with a talented team.
Sr. Product Manager leading vision and strategy for Smartsheet's security offerings. Managing enterprise security products while ensuring compliance and driving product adoption.
Senior penetration tester responsible for advanced security testing in various sectors at Combitech. Collaborating with a team of experts, focusing on real threat simulations and enhancing security measures.
Physical Security Specialist managing corporate security operations for a global media company in South Korea. Leading security projects, vendor management, and cross - functional collaboration.
Security Engineer enhancing security capabilities for organizations through automation and collaboration. Building secure services and infrastructure in a dynamic engineering environment.
Senior Cloud Security Architect designing and implementing secure architectures across hybrid and multi - cloud environments. Collaborating with teams to drive security strategies aligned with business objectives.