Due to tremendous growth, Essextec is looking
to hire a full-time Security Risk Analyst for their New York office. The primary responsibility will be to support
the IT Governance, Risk, and Compliance initiatives, including all existing and
new regulatory, legal, internal audit and best practice initiatives. You will also be responsible for performing
consulting services surrounding the testing of internal Security and IT Risk
controls, gathering documentation or evidence, and reporting on the results.
The ideal professional will be able to participate
in new and/or existing client environments to identify new opportunities for Risk
Management and Cybersecurity professional services engagements. Other aspects of the role include the information
sharing/gathering process for other third-party audits/reviews and internal risk assessments. Additionally, you will perform and/or oversee
detailed client assessments to ensure compliance with defined policies,
standards and guidelines. Upon
completion of reviews, you will make recommendations and/or be directly
involved with addressing gaps or developing remediation plans.
- Assist in the development and communication of
IT Compliance standards and guidelines. Provide input into Corporate-wide
policies and processes.
- Conduct detailed reviews of the IT Standards
compliance for clients as needed.
- Performing reviews of related IT Compliance
documentation, procedures and controls, including creating work papers and
making recommendations for remediation.
- Ensuring that issues and findings across all
compliance related activities are documented and tracked for remediation, with
direct involvement by either facilitation of discussions, or by being directly
involved in the process
- Collaborative issue/remediation planning on a
broad set of IT related issues: Disaster Recovery, Security risks, Regulatory,
Data Protection, User access, etc.
- Review and analysis of regulatory laws based
on national, state and international regulations
- Reporting issues or deficiencies found during
testing and tracking the associated remediation plans across companies and/or
- Working both independently and across teams,
or across entities, to collect or distribute important information on
processes, procedures, guidelines, etc.
- Serve as a subject matter expert on key
internal controls, procedures, and workflows
- Bachelor’s degree with emphasis in related
field or equivalent experience.
- 3+ years of Cybersecurity and IT Risk
experience with regulatory, internal audit and/or compliance testing, including
the development of remediation activities or steps
- Experience with development of General
Controls and/or IT Compliance related standards
- Working knowledge of and exposure to IT
Governance, Risk Management, and Compliance practices
- Client-facing presentation and communication
skills are a must
- Experience with RSA Archer software or other
GRC software/solutions considered a plus
- Working knowledge and understanding of NIST/HIPAA/PCI/ISO
27001 framework. Proven ability to apply toward internal IT controls for the
purposes of complying with internal audits is a strong plus. GDPR or CCPA
experience a strong plus.
- Security+, CISA and/or CRISC certifications
considered a strong plus. CISSP or CISA preferred.
- Proven ability to prioritize workload, work
effectively on concurrent tasks, and be able to meet project deadlines
- Proven ability to facilitate meetings or
discussions with internal and external personnel to determine action items and
- Business development or Presales experience a
Converge Technology Solutions offers equal opportunity to employees
and applicants regardless of race, color, creed, sex, religion, marital status,
age, national origin, ancestry, physical or mental disability, medical
condition, sexual orientation or any other consideration made unlawful by
federal, state, or local laws. Converge Technology Solutions does not accept
unsolicited resumes from third-party vendors associated with fees.