Cybersecurity Technology Risk Compliance Analyst

Cybersecurity & Technology Risk Compliance Analyst

Tampa FL

This is a 6 Month Contract NO C2C.

Must be a US Citizen or Green Card holder.

Cybersecurity & Technology Risk Management Compliance Analyst ensures DTCC is complying with several cybersecurity regulatory requirements cybersecurity industry standards frameworks and best practices. Additional staffing is required to assist with the identification development and ongoing mapping of internal cybersecurity and technology policies procedures and controls that demonstrate compliance with cybersecurity regulatory requirements and work with stakeholders to address gaps and inconsistencies. This function provides transparency into the cybersecurity laws and regulations that govern DTCC policies and facilitates mapping of those requirements to controls. In addition the function monitors and organizes existing controls and their alignment in the enterprise GRC tool. The ideal candidate has done related work for at least five years and has a thorough knowledge of technology controls (IT and cyber) including how they are executed in todays IT threat landscape. The incumbent should have a strong understanding of testing cyber security methodologies frameworks and regulations in the financial services sector.

Principal Responsibilities:

Perform mapping of regulatory requirements to policies procedures industry standards frameworks and existing controls

Review policies and procedures that demonstrate compliance with regulatory requirements and work to address gaps and inconsistencies.

Continue to develop and maintain a comprehensive library of applicable cybersecurity laws and regulations as well as requirements and resulting controls.

Monitor regulatory trends guidance and new regulations which impact cybersecurity and require enhancements to the existing control framework.

Prepare reports on the status of the program to appropriate governance structure(s) and senior management.

Support the facilitation of impact assessments to evaluate new or changing regulations and readiness for compliance.

Evaluate new initiatives and business ventures to identify and evaluate compliance requirements and readiness.

Develop action plans for development and enhancement of cybersecurity controls and provide ongoing support and monitoring of the implementation of those controls.

Evaluate policies and procedures to identify and address any compliance gaps or inconsistencies within the control framework and alignment with applicable regulations.

Understand cyber and IT best practices including knowledge of frameworks guidelines and regulations (i.e. NIST Cybersecurity Framework FFIEC NYSDFS)

Ensure cybersecurity and technology risk management meets all industry regulations standards and compliance requirements.

Qualifications

5 years experience; prior experience in risk management legal compliance or auditing preferred

Bachelors degree preferred; advanced degree and/or certification a plus

College Degree in Business Management / Computer Science or related field preferred

CISA CISM CISSP CRISC or equivalent certification

Specific Qualifications

Proficient in PowerPoint Excel and Word

Knowledge of financial services laws and regulations particularly in the securities markets

Experience working at or with financial services regulators (e.g. SEC FRB NYSDFS CFTC ESMA etc.) is highly desirable

Previous audit experience preferred.

Familiarity with ISO/IEC 27001/27002:2013 NIST Cybersecurity Framework NIST Special Publication (SP) 80053 or other cyber technology financial services guidelines frameworks and regulations is required.

Expert writing skills to support thorough documentation and communication of information security principles.

Intermediate level experience with Microsoft Excel. Has ability to create metrics

Understand the concepts of information technology risk and the different elements required that mitigate risk.

Knowledge of basic compliance principles and standards including industry best practices and compliance controls

Proven knowledge of technical infrastructure networks databases and systems and how they affect an organizations cybersecurity and technology risk

Ability to work efficiently and independently with minimal supervision (i.e. selfmotivated proactive and willing to stretch to meet important deadlines).

Required Knowledge Skills and Abilities: (Companies ATS Questions):

1. Do you have 5 years experience; prior experience in risk management legal compliance or auditing preferred

2. Do you have a Bachelors degree preferred; advanced degree and/or certification a plus College Degree in Business Management / Computer Science or related field preferred

3. Do you have CISA CISM CISSP CRISC or equivalent certification

4. Do you have Knowledge of financial services laws and regulations particularly in the securities markets

5. Do you have Experience working at or with financial services regulators (e.g. SEC FRB NYSDFS CFTC ESMA etc.) is highly desirable

6. Do you have Previous audit experience preferred.

7. Do you have Familiarity with ISO/IEC 27001/27002:2013 NIST Cybersecurity Framework NIST Special Publication (SP) 80053 or other cyber technology financial services guidelines frameworks and regulations is required.

8. Do you have Knowledge of basic compliance principles and standards including industry best practices and compliance controls

9. Do you have Proven knowledge of technical infrastructure networks databases and systems and how they affect an organizations cybersecurity and technology risk

10. Must be a US Citizen or Green Card holder.

Remote Work :

No