Join CyberProof Today

Process Analyst and Data Manager (Office of the CISO)

United States, Security Solutions

Description

The Process Analyst and Data Manager will help drive the development and continuous refinement of the ISMS Governance and Operational Processes. This will also include maintenance of the ISMS and Compliance Documentation.

Job responsibilities:

The job responsibilities for this position will vary over time based on the priorities and needs of the organization, but may include any or all of the below.

·      Assist in developing and maintaining the organization’s Governance processes.

·      Develop and track the organization’s Security Awareness Training program. This includes class content development, training scheduling in the training vendor system, creating training reports, creating and scheduling phishing or other simulations, and tracking employee progress.

·      Assist in developing and managing ISMS governance and performance KPIs. This includes tracking and executive reporting on key performance metrics.

·      Security and Privacy Controls management. This will include, the collecting and documenting of Security and Privacy Controls throughout the organization (per department and location), management and maintenance of the controls reporting platform, and the preparation of executive reports.

·      Assist in conducting enterprise risk reviews and ensuring that the organization’s controls are aligned to the business risks.

·      Assist in tracking the progress and risk alignment of the organization’s security monitoring program.

·      Develop and manage the vendor assessment responses and library for responding to customer and prospect RFP vendor assessments of CyberProof. This includes creating a system for searchable responses and creating automation where possible.

 

Requirements: 

·      Experience in conducting risk assessments and due diligence reports.

·      Strong analytical and problem-solving capabilities.

·      Experience in developing cybersecurity training plans and course material.

·      Working knowledge of the MITRE ATT&CK framework.

·      Experience in the assessment and analysis of security and privacy controls.

·      Familiarity with regulatory compliance frameworks.

·      Familiarity with industry security and privacy frameworks such as NIST.

·      In depth knowledge of Risk Management principles and practices.

·      Proven organizational and leadership skills.

·      Outstanding communications and interpersonal abilities

·      BS/BA in computer science, Information systems or relevant field.

Requirements