Title: Senior Coordinator & Cyber Security Controls
Contract: Full-Time(On-site or Hybrid)
In this capacity, the Cyber Security Controls Senior Coordinator will:
? Review, understand and apply the Firm’s current cybersecurity program framework and relevant
policies;
? Complete external information security assessments and support status tracking of Client and
TPRM assessments and provide reporting to appropriate stakeholders. (Client InfoSec
Assessments and TPRM);
? Support the Governance and Risk team in coordinating efforts relating to the development and
execution of Controls, Risk and TPRM initiatives (e.g., Client InfoSec Assessments and TPRM
surveys and risk assessment tasks;
? Inventory, build and maintain the InfoSec and Governance and Risk artifact library (e.g., policies,
standards, procedures, processes and guidelines);
? Coordinate with external assessors and internal subject matter experts to address Governance
and Risk inquiries;
? Maintain an inventory of artifacts and risk assessment information for the TPRM document
repository and the risk register;
? Execute TPRM inquires in the event of event of high or critical National Vulnerability Database
(“NVD”) or Client notifications;
? Assist in further defining the process for completing information security control and TPRM
assessments;
? Support metrics and reporting of the Information Security Program through the collection and
analysis of effectiveness security control measures;
? Develop and maintain the status tracking related to findings from information security
assessments;
? Contribute to the creation of security related processes and procedures and relevant documents;
? Work with InfoSec Directors and Managers to report existing information security program and
ongoing security projects that address information security risks and compliance requirements;
? Manage competing deadlines and multiple external inquires using effective organizational skills
and attention to detail as demonstrated by prior work experience; and
? Support various ad hoc projects across the InfoSec team (e.g., program enhancements, process
improvements, and other functions).
Proficiencies:
? At least three years of combined information technology and information security experience;
? Fundamental understanding of multiple risk management concepts, frameworks, and standards
(CSC, NIST, ISO, COBIT);
? Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls
identified in NIST SP800-171 and NIST SP800-53A;
? Experience working with internal and external auditing firms;
? Fundamental understanding of information security concepts and technologies; and
? Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
Qualifications:
? A minimum of 4+ years professional work experience; and
? Bachelor’s degree (required).