Sr. Cybersecurity Risk Analyst

Cameron Craig Group
Salisbury, MD
Aug 14, 2022
Aug 16, 2022
Full Time
This is a permanent position on-site in Salisbury, MD. It is NOT a remote position. It comes with a comprehensive relocation package.

Responsibilities:

This position will actively contribute to the ongoing maturation of the company's information security program through executing security assessments, guiding secure technology implementations, and mitigating cyber risk. Specific responsibilities include:

- Create and maintain partnering relationships with business leaders and managers to advise on cybersecurity requirements for project implementation and execution.
- Manage and guide IT and business areas on technical remediation stemming from vulnerability assessments, pen tests, application security assessments, audits, etc., providing prioritized remediation efforts.
- Provide input into cybersecurity strategies and plans based on evolving technology risk and business initiatives stemming from security assessments and industry requirements.
- Lead cybersecurity projects for identifying and mitigating risk (maturity assessment, cyber controls assessment, PCI-DSS, HIPAA, etc.) as needed.
- Assess the security of third-party solutions and supplier integrations; recommend appropriate security controls and contractual language.
- Track, measure, validate, and report on risk identification, acceptances, and remediation efforts.
- Maintain information security policies and standards to support the ongoing protection and security requirements for the organization.
- Support CSIRT and cybersecurity operations teams during tabletop exercises, incident response, legal requests, and internal investigations as needed based on aligned business/IT areas.

Requirements:

A Bachelor's degree in Information Systems, Cyber Security, Computer Science or a related discipline is preferred; however, equivalent years of experience may be considered in lieu of educational requirements.

Specific requirements include:

- A minimum of seven (7) years of Information Technology experience, with at least three (3) years within Information Security (more without a degree).
- Technical or cybersecurity background (e.g. security operations, security engineering) that can effectively lead and advise on cybersecurity implementation, assessments, and cyber risk reduction strategies for IT and business initiatives.
- Previous experience in one of the following domains: cybersecurity operations, architecture, or engineering.
- Experience engaging vendors and consultants to execute cyber assessments.
- Working knowledge of industry control frameworks and standards: NIST CSF, CIS, OWASP, and MITRE ATT&CK.
- Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, incident management, vulnerability management, and data protection.
- Understanding of cyber security threat modeling, risk management concepts, cyber security frameworks, secure coding principles, and security technologies.
- One of the following certifications is preferred but not required: CISSP, CISM, CRISC, GSEC, GCIH, Security+.
- Experience with one or more of the following industry regulations: PCI-DSS, HIPAA, DHS-CFATS.