Job Opportunities in Romania


September 18, 2024

Finastra USA Corporation

București

OTHER


Cyber Security Strategy & Operations Lead

Responsibilities: We are currently looking for a highly skilled and experienced Cyber Security Lead. In this role, you will be a key player in the compliance function of our Cyber Security team. This individual will perform a multi-faceted role focusing on two primary responsibilities.

First, you will manage cyber-control evidence requests to assure the security and integrity of the organization’s network, systems, and data. Second, in the capacity of a Third-Party Risk Analyst, you will assess and manage cybersecurity risks associated with third-party vendors and service providers by evaluating vendors' security practices and ensuring compliance with industry standards and organizational policies.

This individual will play a crucial role in ensuring the effectiveness and compliance of cybersecurity controls across the entire organization.

Responsibilities & Deliverables:

Your roles & responsibilities will include, but are not limited to, the following:

Collecting and Validating Control Evidence:
  • Facilitate the collection and validation of evidence related to cybersecurity controls for scheduled audits and assessments.
  • Collaborate with internal teams to ensure accurate and comprehensive evidence submission.

Assessment Support:
  • Participate in assessment kickoffs and provide recurring status updates to relevant stakeholders.
  • Respond promptly to internal auditor and assessor requests, addressing any queries or information needs.

Security Control Library Management:
  • Maintain the security control library, ensuring it reflects the latest standards and best practices.
  • Regularly update control documentation based on compliance documents, industry frameworks, and regulatory requirements.

Vendor Assessment & Evaluation:
  • Conduct thorough assessments of third-party vendors' cybersecurity practices, including their security policies, procedures, and controls.
  • Evaluate vendors' compliance with industry standards (e.g., ISO, NIST, SOC 2) and regulatory requirements.
  • Review vendor security documentation, including audit reports, penetration test results, and security certifications.

Risk Identification and Mitigation:
  • Identify potential cybersecurity risks associated with third-party vendors and recommend appropriate mitigation strategies.
  • Collaborate with internal stakeholders to develop risk mitigation plans and monitor their implementation.
  • Maintain a risk register and track the status of identified risks and mitigation efforts.

Process Documentation:
  • Work closely with cybersecurity leaders to document and improve processes and procedures.
  • Capture essential details related to security controls and their implementation.

Performance Tracking and Reporting:
  • Track and report on the performance of audit and assessment support capabilities.
  • Identify areas for improvement and recommend remediation actions as needed.

Control Verbiage Certification:
  • Certify and update control verbiage, aligning it with compliance requirements and industry standards.

Required Experience:


  • Minimum of 3 years of experience in information security governance, risk, and compliance.
  • Experience in security control library management, process writing, control statement writing, compliance documentation recertification, and driving updates.
  • Solid project management skills.
  • Excellent verbal and written English communication skills, with the ability to effectively interact with technical, business, and other stakeholders at all levels of the organization.
  • Superior analytical and problem-solving abilities, enabling assessment of complex security issues, prioritization of tasks, and development of practical solutions.
  • Adaptability in tailoring conversations and presentations for different audiences, spanning technical, non-technical, and executive leadership.
  • Demonstrated commitment to continuous learning and professional development in the field of cybersecurity.
  • Certification in information security or GRC is a plus (CISM, CISA, CISSP, CGRC, etc.)
  • Flexibility for consistent availability for Eastern (UTC-5) and Pacific (UTC-8) time zones.

Education/Certifications Desired

  • Bachelor's degree from an accredited college or university, or equivalent experience.
  • Knowledge and experience in understanding implementation guidelines from security control frameworks, such as NIST CSF, NIST 800-53, PCI DSS, CIS, COBIT 5, CSA/CSM, ISO 27001.
