BGC Tech: Cyber Security Analyst
The Cyber Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The Cyber Risk Analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation.
- Execute Infosec risk assessments of company vendors.
- Utilize vulnerability assessment tools.
- Assist Internal Audit in coordinating the Firm's response to regulatory inquiries and compliance initiatives (e.g., SSAE-16, SOX, FINRA and FSA).
- Assist Internal Audit in coordinating the response to customer inquiries (e.g., Due Diligence Questionnaires).
- Work with the CIO, CISO and senior technology management to ensure Firm Information Security policies and standards are up to date.
- Manage various Information Security initiatives as requested by management
- Serve as the liaison to internal for during internal audits, special projects.
- Work with Operational Risk and IT Management to enhance and execute the Firm's Risk Control Self-Assessment Methodology, including the use of IT Key Risk Indicators across the Firm.
- Develop metrics and a continuous improvement program for the Infosec program.
- Manage security awareness program.
- Implement and operate tooling related to the function.
- Solve problems proactively with technology.
Key Contacts and Working Relationships:
- Establish and maintain relationships with key stakeholders within IT
- Liaise with other control functions (Compliance, Risk and Internal Controls) to ensure that risks to the business are clearly understood and that a consistent message is conveyed to the business.
- Background in IT Risk Management, Information Security, Internal Audit and / or Big 4 IT Audit.
- Excellent written and verbal communication skills
- Familiarity with IT Risk Management Methodologies
- Ability to discuss technical findings with a non-technical audience.
- Project Management Skills
- Experience developing, implementing and enhancing Key Risk Indicators
- Experience in the use of GRC tool suites (e.g., Archer, IBM OpenPages, and NASDAQ's BWise GRC Suite).
Education/Experience Requirements:
- Undergraduate degree in Cyber Security, Accounting, Management Information Systems or other business-related discipline
- One or more certifications (CISA, CGRIEC, etc.) or graduate degree preferred