Cyber Control Findings Analyst

Job Title: Cyber Control Findings Analyst

Location: New York NY

Job Summary:

Cyber Control Findings Analyst is responsible for reviewing monitoring and resolving security findings within an organization. Here are the typical duties and qualifications for this role:

Typical Duties and Responsibilities:

• Risk and Vulnerability Assessments: Conduct risk and vulnerability assessments validation testing compliance reviews and audits following NIST standards.
  
• ISO 27001 and SOC 2 Audits: Manage and support SOC 2 and global ISO 27001 audits.
  
• Promoting ISO 27001 Standards: Encourage widespread implementation of ISO 27001 standards.
  
• Central Repository for Audit Evidence: Maintain and monitor a central repository for audit evidence.
  
• Stakeholder Communication: Inform relevant stakeholders about important concerns and hazards.
  
• Collaboration with Departments: Work with corporate IT procurement and privacy departments to align with GRC (Governance Risk and Compliance) objectives.
  
• Stay Updated: Keep uptodate with industry procedures and methods.
  

Required Skills and Experience:

• Bachelor s degree in information cybersecurity risk management governance or a related field.
  
• 5 years of direct experience in information security with a focus on risk and compliance.
  
• Expertise in conducting ISO 27001 and SOC 2 audits and handling audit responses.
  
• Knowledge of relevant regulatory compliance requirements (ISO 27001 SOC 2 NIST FedRamp CMMC PCI GDPR etc.).
  
• Familiarity with identity management standards cloud storage and disaster recovery.
  
• Proficiency in GRC tools and best practices (e.g. ZenGRC OneTrust Archer).
  
• Strong attention to detail and effective communication skills.
  

Preferred Qualifications:

• ISO 27001 Lead Auditor CISA CISM or CISSP certification