Description
About the Role
Pivotal team member supporting the development and execution of a robust, agency-wide cybersecurity program with overall accountability to oversee and execute comprehensive cybersecurity risk assessments at the corporate level. This includes leveraging the NIST Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF) to guide assessment processes. Additionally, the incumbent will propose and implement risk mitigation strategies in cooperation with relevant system owners and stakeholders to bolster the organization’s resilience against potential cyber threats.
Responsibilities
Reporting to [the Chief Information Security Officer (CISO) / Cybersecurity Risk Manager], the Cybersecurity Risk Analyst will be responsible for:
• Develop and provide KPI-driven reports on cybersecurity initiatives.
• In close collaboration with internal and external stakeholders from all line and staff departments, including the Chief Security Office, Audit, Enterprise Risk Management, and other relevant stakeholders, lead multifaceted efforts encompassing strategic planning, meticulous research, seamless implementation, and sustained operation of cybersecurity initiatives.
• Consistently refine and enhance existing cybersecurity policies, procedures, and guidelines to elevate the Agency’s cybersecurity posture. Collaborate closely with Agency departments to ensure rigorous adherence to established cybersecurity policies and standards across all corporate-level systems, networks, and data assets.
• Present concise and informative reports, presentations, processes, standards, guidelines, and metrics for audiences at all levels (stakeholders and leadership). Coordinate and conduct meetings at all levels.
• Manage internal and external security assessments, coordinate across the agency to prioritize and remediate findings, and communicate and report progress to senior management.
• Perform and/or support a subset of the following cybersecurity areas of responsibility:
  • Budget planning
  • Contract management
  • Vendor management
  • Grant management
• Assist with building out the Third-Party Risk Management program.
Minimum Qualifications
• A minimum of 10 years of experience in Information Technology, with at least the most recent two years in cybersecurity with a focus on risk management.
• Demonstrated ability to work effectively with cross-functional teams, oversee projects, and generate comprehensive reports to track progress and KPIs.
• Excellent verbal and written communication skills.
• Prior experience setting up or working in third-party risk programs.
• Operational experience applying and implementing NIST cybersecurity guidelines and best practices for large and complex organizations, with a focus on practicality and effectiveness.
Desired Qualifications
Ideal candidates will present the following profile:
• Experience leading risk management efforts, including assessing cybersecurity risks, identifying vulnerabilities, and implementing controls to mitigate threats.
• Hands-on experience understanding system architectures and applying threat modeling to identify security gaps and propose technical solutions.
• Experience with collaborating and negotiating with internal teams and vendors to develop and implement risk mitigation strategies, including policy development, process improvements, and technology enhancements.
• Served as a subject matter expert on cybersecurity risk management, providing guidance and recommendations to senior leadership and relevant stakeholders.
• Demonstrated success in prior roles that required strategy development for short- and long-term cybersecurity process enhancement.
• Project Management experience.
• Strong knowledge of NIST frameworks, including NIST SP 800-53 and NIST Cybersecurity Framework (CSF).
• Certifications such as CASP+ or Security+ highly desired.
• Certifications such as CISSP, CISM, or CRISC preferred.
Selection Process
The application process varies by position, but typically includes an initial phone interview for qualified candidates, followed by a more in-depth interview(s) and/or assessment(s). Selected candidates who are made a conditional job offer will be asked to undergo a background check.
Compensation & Benefits
The Port Authority of New York and New Jersey offers a competitive benefits package, hybrid work options for many positions, and a professional environment that supports development and recognizes achievement.