The Senior Coordinator, Cyber Security Controls will support the completion of compliance-related data requests from Firm clients to assess security policies and procedures and support Third Party Risk Assessment efforts. The Coordinator will support the Firm’s response to internal stakeholders and clients regarding security controls policy, processes, and procedures implemented for systems and applications, as well as support the Firm’s Third Party Risk Management (“TPRM”) function. This position requires strong communication skills, initiative, attention to detail and the ability to learn quickly.
In this capacity, the Cyber Security Controls Senior Coordinator will:
- Review, understand and apply the Firm’s current cybersecurity program framework and relevant policies;
- Complete external information security assessments and support status tracking of Client and TPRM assessments and provide reporting to appropriate stakeholders. (Client InfoSec Assessments and TPRM);
- Support the Governance and Risk team in coordinating efforts relating to the development and execution of Controls, Risk and TPRM initiatives (e.g., Client InfoSec Assessments and TPRM surveys and risk assessment tasks;
- Inventory, build and maintain the InfoSec and Governance and Risk artifact library (e.g., policies, standards, procedures, processes and guidelines);
- Coordinate with external assessors and internal subject matter experts to address Governance and Risk inquiries;
- Maintain an inventory of artifacts and risk assessment information for the TPRM document repository and the risk register;
- Execute TPRM inquires in the event of event of high or critical National Vulnerability Database (“NVD”) or Client notifications;
- Assist in further defining the process for completing information security control and TPRM assessments;
- Support metrics and reporting of the Information Security Program through the collection and analysis of effectiveness security control measures;
- Develop and maintain the status tracking related to findings from information security assessments;
- Contribute to the creation of security related processes and procedures and relevant documents;
- Work with InfoSec Directors and Managers to report existing information security program and ongoing security projects that address information security risks and compliance requirements;
- Manage competing deadlines and multiple external inquires using effective organizational skills and attention to detail as demonstrated by prior work experience; and
- Support various ad hoc projects across the InfoSec team (e.g., program enhancements, process improvements, and other functions).
- At least three years of combined information technology and information security experience;
- Fundamental understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT);
- Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A;
- Experience working with internal and external auditing firms;
- Fundamental understanding of information security concepts and technologies; and
- Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
- A minimum of 4+ years professional work experience; and
- Bachelor’s degree (required).
Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.