Cyber Security Risk And Compliance Analyst

Job Locations: GR-Athens
ID: 2022-8325
Category: Information Technology
Position Type: Employee
Telecommute: No

Position Summary

Under the direction of the Manager Cyber Risk and Compliance, this individual plays a crucial role in bridging the gap between cybersecurity, IT and business operations. This person is expected to be both technically experienced and business-aligned as s/he works with both IT and business stakeholders to assess the risk and compliance of existing solutions and new initiatives.

We are seeking an experienced Cybersecurity Risk and Compliance Analyst to join our team. The successful candidate will be responsible for a multitude of service lines within cybersecurity, including risk assessments, interpretation and mapping of regulatory compliance mandates, security awareness and cybersecurity dashboards and KPIs.

 

This role is responsible for ensuring that governance, risk and compliance projects are effectively and efficiently executed, as well as identifying areas for improvement across the cybersecurity GRC lines of service.

 

This individual will be highly driven (“high motor”), able to balance active priorities, be meticulous and planful. They will be comfortable addressing ambiguity, able to consistently deliver results, be naturally curious and highly accountable, and approach situations in a thoughtful and process-oriented manner. This person will work closely with individuals at all levels of the information technology organization and business partners (executives, peers, staff members, individual contributors, cross-functional team members) to identify risk and compliance gaps, provide guidance on remediation, and provide consultation on adherence to ITT security policy for all aspects of the global organization.

 

Essential Responsibilities

·         Review various regulatory compliance standards and mandates (e.g., NIST 800-171, CMMC2, NIS2, TISAX, etc.) and assess ITT business environments and practices against the requirements.

·         In instances where there are gaps between the compliance requirements and controls implemented by ITT, advise IT and business units on how to remediate the gaps.

·         Conduct risk assessments for solutions proposed by the business.

·         Perform risk assessments on vendors and other third parties with whom ITT wishes to conduct business.

·         Complete security questionnaires that are requested by ITT’s customers.

·         Communicate risk findings to stakeholders (well-spoken and written English is a requirement to effectively communicate risk).

·         Review the risk of proposed firewall modifications, changes to user access to systems, and website access.

·         Maintain the cyber security awareness training program, including web-based training modules and phishing simulations.

·         Compile and present KPIs and KRIs related to cybersecurity and IT security functions.

·         Develop cyber training materials, such as posters and digital communications.

·         Maintain suites of information (e.g., SharePoint) to facilitate access by end-users.

·         Support cyber security governance in the formulation of cyber-related policies, standards and procedures.

·         Meet tight deadlines in a fast-paced environment.

·         Document processes and activities for repeatable results.

·         Other tasks and/or projects as assigned.

 

-          Carry a Smartphone 24X7 for the purpose of escalation

-          On-call availability as an escalation point or in critical situations.

-          Due to time zone difference and appropriate meeting times, flexible work hours may be required.

-          Sitting for extended periods of time.

-          Dexterity of hands and fingers to operate a computer keyboard, mouse, and to handle other computer components.

-          Lifting and transporting of moderately heavy objects, such as computers and peripherals.

-          Additional working hours as required.

-          Travel less than 10% may be required for special projects.

Position Requirements

Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; Professional certifications such as CISSP, CISM, CRISC, or CGRC are a plus.

Experience: Minimum of 3 to 5 years of experience in cybersecurity, or another discipline with transferable skills. The ideal candidate will have a broad set of experiences (IT operations, systems administration, cybersecurity, audit) spanning subject matter areas such as risk identification and management, compliance frameworks and assessments, and cybersecurity administration.

Skills/Knowledge:

·         Strong knowledge of security frameworks (e.g., NIST CSF and 800-53 and 171, ISO/IEC 27001) and regulatory requirements (e.g., GDPR, CMMC, NIS2).

·         Hands-on experience in interpreting compliance requirements and translating them into actionable control recommendations for the business to implement.

·         Ability to assess risk and compliance gaps in a complex, multi-technology, global environment.

·         Understand risk sources, potential impacts, and likelihood

·         Advise on risk response and mitigations to risk

·         Possess the ability to identify insecure ports/protocols

·         Strong troubleshooting, reasoning, problem solving

·         Demonstrated ability to write clear and concise technical documentation and policies

·         Ability to multi-task and change priorities with short notice

·         High standard of professionalism and ethics

·         Possess the ability to use Excel pivot charts, Power BI, and similar technologies to compute and display metrics

·         Strong communication skills, with the ability to explain complex security concepts to non-technical stakeholders.

·         Knowledge of and experience with OT environments and ICS systems

 

 

-          Highly self-motivated and self-directed.

-          Comfortable with hands-on approach to addressing complex problems to gain a grounded and granular understanding, make informed decisions and take appropriate actions

-          Ability to handle ambiguous situations; dissects and plans work in a way that simplifies it for themselves and others, with a focus on delivering results.

-          Passion for data and innovation.

-          Proven ability to manage multiple projects to completion while maintaining quality standards and project deadlines.

-          Understands when new or alternate solutions are necessary and begins discussions with IT management and business/functional partners to identify needed improvements to the solution/service framework.

-          Leverages experience collaborating across cultures and organizations. 

-          High focus on interpersonal and cultural understanding across disparate teams and work settings by initiating conversations with others.

-          Shares information proactively, directs workflows to leverage the expertise of individuals, and promotes a team approach to achieve common goals.

-          Leverages existing solutions, knowledge base, and best practices, and works within the approved policy/governance framework.

-          Gains trust by listening effectively, being open and transparent, and demonstrating results that the customer, business, or function values.

-          Demonstrates a sense of pride in the quality of his/her own work, and a willingness to take initiative to meet the challenges of the customer, business, or function.

-          Promotes accomplishments while holding others accountable for results.

-          Excellent written and oral communication skills.

-          Effective interpersonal skills, with a focus on listening and questioning skills.

-          Strong documentation skills.

-          Ability to conduct research into a wide range of computing issues as required.

-          Ability to absorb and retain information quickly.

-          Ability to present ideas in user-friendly language to non-technical staff and end users.

-          Keen attention to detail.

-          Ability to effectively prioritize and execute tasks in a high-pressure environment.

-          Experience working in a team-oriented, collaborative environment.

-          Self-directed, self-starter and strong analytical & problem-solving skills.

-          Ability to work well under stress.
