
Cyber Security Strategy & Operations Lead

At Finastra

Bucharest, Romania

Responsibilities

We are currently looking for a highly skilled and experienced Cyber Security Lead. In this role, you will be a key player in the compliance function of our Cyber Security team. This individual will perform a multi-faceted role focusing on two primary responsibilities.

First, manage cyber-control evidence requests to assure the security and integrity of the organization's network, systems, and data. Second, in the capacity of a Third-Party Risk Analyst, assess and manage cybersecurity risks associated with third-party vendors and service providers by evaluating vendors' security practices and ensuring compliance with industry standards and organizational policies.

This individual will play a crucial role in ensuring the effectiveness and compliance of cybersecurity controls across the entire organization.



Responsibilities & Deliverables:

Your roles & responsibilities will include, but are not limited to, the following:

Collecting and Validating Control Evidence:

  • Facilitate the collection and validation of evidence related to cybersecurity controls for scheduled audits and assessments.
  • Collaborate with internal teams to ensure accurate and comprehensive evidence submission.

Assessment Support:

  • Participate in assessment kickoffs and provide recurring status updates to relevant stakeholders.
  • Respond promptly to internal auditor and assessor requests, addressing any queries or information needs.

Security Control Library Management:

  • Maintain the security control library, ensuring it reflects the latest standards and best practices.
  • Regularly update control documentation based on compliance documents, industry frameworks, and regulatory requirements.

Vendor Assessment & Evaluation:

  • Conduct thorough assessments of third-party vendors' cybersecurity practices, including their security policies, procedures, and controls.
  • Evaluate vendors' compliance with industry standards (e.g., ISO, NIST, SOC 2) and regulatory requirements.
  • Review vendor security documentation, including audit reports, penetration test results, and security certifications.

Risk Identification and Mitigation:

  • Identify potential cybersecurity risks associated with third-party vendors and recommend appropriate mitigation strategies.
  • Collaborate with internal stakeholders to develop risk mitigation plans and monitor their implementation.
  • Maintain a risk register and track the status of identified risks and mitigation efforts.

Process Documentation:

  • Work closely with cybersecurity leaders to document and improve processes and procedures.
  • Capture essential details related to security controls and their implementation.

Performance Tracking and Reporting:

  • Track and report on the performance of audit and assessment support capabilities.
  • Identify areas for improvement and recommend remediation actions as needed.

Control Verbiage Certification:

  • Certify and update control verbiage, aligning it with compliance requirements and industry standards.

Required Experience:

  • Minimum of 3 years of experience in information security governance, risk, and compliance.
  • Experience in security control library management, process writing, control statement writing, compliance documentation recertification, and driving updates.
  • Solid project management skills.
  • Excellent verbal and written English communication skills, with the ability to effectively interact with technical, business, and other stakeholders at all levels of the organization.
  • Superior analytical and problem-solving abilities, enabling assessment of complex security issues, prioritization of tasks, and development of practical solutions.
  • Adaptability in tailoring conversations and presentations for different audiences, spanning technical, non-technical, and executive leadership.
  • Demonstrated commitment to continuous learning and professional development in the field of cybersecurity.
  • Certification in information security or GRC is a plus (CISM, CISA, CISSP, CGRC, etc.).
  • Flexibility to be consistently available for the Eastern (UTC-5) and Pacific (UTC-8) time zones.

Education/Certifications Desired

  • Bachelor's degree from an accredited college or university, or equivalent experience.
  • Knowledge and experience in understanding implementation guidelines from security control frameworks, such as NIST CSF, NIST 800-53, PCI DSS, CIS, COBIT 5, CSA/CSM, ISO 27001.

Client-provided location(s): Bucharest, Romania
Job ID: Finastra-10052
Employment Type: Full Time

Perks and Benefits

  • Health and Wellness

    • Vision Insurance
    • Life Insurance
    • Dental Insurance
    • Health Insurance
    • Mental Health Benefits
    • Health Reimbursement Account
    • Short-Term Disability
    • Long-Term Disability
    • Pet Insurance
    • FSA
    • HSA
  • Parental Benefits

    • Birth Parent or Maternity Leave
  • Work Flexibility

    • Hybrid Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Happy Hours
    • Company Outings
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Unlimited Paid Time Off
    • Paid Holidays
    • Personal/Sick Days
    • Volunteer Time Off
  • Financial and Retirement

    • Financial Counseling
    • 401(K) With Company Matching
  • Professional Development

    • Internship Program
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Promote From Within
    • Access to Online Courses
    • Lunch and Learns