Cyber Strategy and Risk Advisory Specialist
| Company | Booz Allen |
|---|---|
| Location | McLean, VA, USA, New York, NY, USA |
| Salary | $62000 – $141000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Mid Level, Senior |
Requirements
- 3+ years of experience supporting enterprise engagements with Fortune 500 and Global 1000 clients and delivering results to senior stakeholders, including industry best practices and standards across cybersecurity and risk management disciplines, providing high-quality service, and building strong client relationships
- 2+ years of experience in a client or customer service delivery role, including executing cybersecurity assessments against industry frameworks, such as NIST CSF, NIST 800-53, and ISO 27001, and identifying root cause issues and recommending risk-aligned remediations that extend beyond basic control gaps to uplift our client’s cyber resilience
- 2+ years of experience authoring technical reports, presentations, and briefs based on performed cybersecurity or risk assessments, including communication of findings and recommendations
- Experience identifying technology vulnerabilities using both manual and automated processes, including automated compliance and vulnerability scanners and system configuration reviews
- Experience with security GRC practices, including risk management frameworks, regulatory requirements, and industry standards, such as NIST CSF or NIST 800-53
- Ability to work in a team-oriented environment and drive collaboration and productivity
- Ability to analyze complex security issues, develop effective mitigations, and frame results to strategic audiences, including effective storytelling
- Ability to convey complex technical information to audiences
- Bachelor’s degree
Responsibilities
No responsibilities provided.
Preferred Qualifications
- Experience working for a technology company and with SOC or threat hunting, including detecting, analyzing, and mitigating cyber threats effectively
- Experience with application security and testing, including secure coding practices and vulnerability assessment methodologies, administering and assessing network devices and security controls, including network security management and configuration, and with Windows or Linux system administration, including managing and securing operating systems effectively
- Knowledge of security standards, such as Center for Internet Security (CIS) and DoD Security Technical Implementation Guide (STIG), and industry best practices and compliance requirements
- Knowledge of cybersecurity functions, such as asset management, identity and access management, cloud security, network security, security operations, and incident response, and technologies, such as SIEM, EDR, IPS/IDS, SAST, DAST, CASB/DLP, CSPM, or CWPP
- Knowledge of cloud assessment methodologies, including utilizing built-in processes for assessing native cloud services, and optimizing cloud infrastructure for efficiency, security, and cost-effectiveness
- Knowledge of emerging trends and technologies in threat modeling, such as ATT&CK, PASTA, or STRIDE, and in Cyber Risk Quantification (CRQ), to assist organizations in evaluating the impact of cyber threats on their assets, operations, and reputation
- Ability to conduct independent research on emerging topics, regulations, industry practices, and new technologies, indicating a commitment to staying updated with the evolving cybersecurity landscape
- Possession of excellent interpersonal, analytical, critical thinking, and problem-solving skills
- Bachelor’s degree in IT, Cybersecurity, Computer Science, or Engineering
- Certified Incident Handler (GCIH), GIAC Enterprise Incident Response (GEIR), or MITRE Threat Hunting Certifications