If interested, please email your updated resume to Cecilia at
Cyber Security Analyst
Contract
San Antonio, TX
Required Experience:
3-5+ years cybersecurity or information security experience
3-5 years of Third-Party Information Security Risk management with demonstrated ability to perform and document security risk assessments
3-5 years of PCI, SOX, SOC1 and/or SOC2 experience with demonstrated ability to support cyber security related audit/compliance functions
Information Security controls experience with NIST CSF, NIST SP 800-53, FISMA, ISO 27001 or COBIT or other applicable control frameworks
Exceptional written and verbal communication skills with a demonstrated ability to write detailed information security risk assessments and associated remediation plans
Must be a strong communicator to technical and non-technical audiences including developers, architects, customers, business analysts and tech operators
Ability to quickly develop excellent working relationships with peers and key stakeholders, such as business partners, legal, internal audit, risk, and technology specialists
Preferred Experience:
Proficiency with Microsoft Office, Preference given to candidates with deep Excel and PowerPoint skill sets
Experience in one or more GRC systems including Archer, RiskVision, RSAM or equivalent
Experience with systems such as Remedy, JIRA, Tanium, and equivalent
Description:
Gathers data, analyzes and drafts reports, including department, project, key indicators and dashboards.
Working within our Information Security team, the Cyber Security Analyst plays a key role in the identification, assessment, prioritization and remediation processes of cyber security risks and vulnerabilities specifically regarding third party or vendor relationships
Evaluates cyber security threats, risk, vulnerabilities, and processes to determine relative risk to the product, system, and organization
Coordinate with Third Party Risk Management and Procurement to understand Third Party risks, perform security risk assessments, document remediation plans, and advise on appropriate contractual requirements for security controls
Analyzes relevant policies, standards, and procedures against dedicated frameworks (NIST, ISO, COBIT, etc.) and regulatory drivers (HIPAA, New York State Department of Financial Services Rule 500, California Consumer Protection Act, etc.) to drive compliance activities
Engages with partners in Operations, Legal/Privacy, Operational Risk, Information Technology, and Internal Audit to efficiently ensure compliance with NY DFS, SOX, SOC1, SOC2, PCI, and other regulatory/statutory requirements
Effectively engages business unit and functional leadership to socialize and gain support for security initiatives, while solving security challenges
Help transform control culture from current detective controls to preventative controls
Help build security as competitive differentiator for sales enablement
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or
