Cybersecurity Position Available In Miami-Dade, Florida
Tallo's Job Summary: The Cybersecurity Risk and Compliance Analyst position requires a BS or MA in computer science, information security, or related field, with 3+ years of experience in IT audit, risk management, or cyber risk management. Responsibilities include overseeing security activities, designing cybersecurity policies, and monitoring compliance. The role involves collaborating with infrastructure team members, regulatory officers, and auditors, and staying current on industry trends and emerging threats. This position requires strong communication skills and the ability to articulate technical concepts to non-technical audiences. Familiarity with cybersecurity technologies and systems is essential, as well as experience with risk management frameworks. The company is committed to diversity and inclusivity.
Job Description
About the Company The Cybersecurity Risk and Compliance Analyst ensures that the organization’s technology ecosystem is evaluated correctly, assessed, and managed to ensure compliance and minimize cybersecurity risk exposure and impacts to the business. The analyst will assist with tracking open audit findings and facilitate response generation, information gathering, testing evidence, and escalation of the prior conclusions. The analyst will collaborate with infrastructure team members, drive the adoption of security best practices, assist with creating new policies, improve existing security processes, and support adherence to the organization’s security policies and procedures. Responsibilities Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization’s mission and goals. Monitors and audits compliance of cybersecurity policies to identify gaps. Designs, implements and maintains cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures. Oversees security activities such as access control, incident management, response, forensics, and reporting. Build communication and escalation plans around third-party cybersecurity risk management activities within the enterprise. Works with regulatory officers and auditors as necessary. Coordinates the gathering of third-party cybersecurity risk assessment data and prepares cybersecurity risk assessments for critical-related third parties as needed, to be published and communicated to stakeholders. Tracks identified cybersecurity risks and risk events. Maintains a current understanding of industry trends, emerging cyber threats, and new solutions that may impact the environment. Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy. Works with stakeholders to communicate business risk and mediation by agreed protection levels. Plans and conducts security authorization reviews and assurance case development for installing systems and networks. Performs IT and IS control reviews including, but not limited to, operating procedures, system security, programming controls, backup and disaster recovery, and system maintenance. Qualifications BS or MA in computer science, information security, cybersecurity or a related field. Required Skills 3+ years of experience in an IT audit, enterprise risk management (ERM) role or cyber risk management role. 3+ years of experience with regulatory compliance, risk management frameworks, and information security management frameworks (e.g., ISO 27000, CMMC, NIST 800-171, NIST Risk Management Framework, CARF, etc.). Strong background in conducting Business Impact Analysis (BIA) to evaluate the potential impact of cybersecurity risk on critical business processes and functions. Experience understanding and articulating business goals and objectives. Experience identifying and assessing risks to the organization’s business. Experience communicating complex technical concepts to non-technical audiences. Experience with cybersecurity principles and practices, including risk management, security controls, and incident response. Experience with cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems. Familiarity in one or more of the following areas: Identity management, PAM, SSO and MFA. Ability to leverage research from various sources such as government research, think tanks, academic research, and industry reports. Equal Opportunity Statement Include a statement on commitment to diversity and inclusivity.