Cyber Security Risk Analyst

Brightspeed

Charlotte, NC
Full Time
Paid
  • Responsibilities

    Job Description

    Reporting directly to the Manager of Security Architecture and Engineering, the Cyber Security Risk Analyst is an individual contributing member of the Security Architecture and Engineering team. This team is primarily responsible for designing and implementing security solutions for various projects within the enterprise.  The team performs security review projects across different asset types, including on-premises, cloud, networks, physical security, fraud, and telecommunications infrastructure.

    The Cyber Security Risk Analyst provides an independent review of security controls across various risk assessments, including third party, regulatory/compliance, and offshore.  In this role, the analyst will be a key resource in driving the third-party risk assessment process along with offshore risk assessment.  The individual will be responsible for the risk assessment workflow, including working directly with vendors to gather and review critical documentation.  This is a critical role for organizational cyber security maturity.

    The role requires a strong background in, and understanding of, all cyber security domains, and operates in the Protect, Detect, and Respond areas of the NIST Cybersecurity Framework (CSF).  The analyst should make vital cyber security decisions using a business risk analysis approach.  Brightspeed is a cloud-first (Azure, GCP, and SaaS) company with a significant data center presence.  This model requires an individual who can consider security across a diverse portfolio of assets and networks.

    We are looking for an individual with a passion for cyber security to work alongside a talented team to build and operate a cyber security program from the ground up.  This unique opportunity allows an individual to have exposure to all aspects of cyber security and be involved in the initial creation of a cyber security program.  The individual chosen for this position should be able to adapt quickly and manage constant change effectively.

    All Enterprise Cyber Security organization team members also perform any other duties assigned. 

    AS CYBER SECURITY RISK ANALYST, YOUR DUTIES AND RESPONSIBILITIES WILL INCLUDE:

    THIRD-PARTY RISK MANAGEMENT:

    • Assess the adequacy of a vendor's security program to safeguard data
    • Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact
    • Manage, monitor, and track third-party compliance to the third-party risk management program
    • Evaluate third-party SOC-2 assessments for risk to Brightspeed data
    • Determine applicability of certain questions on various assessments based on the vendor service and vendor risk
    • Manage and review security assessment questionnaires and responses with vendors
    • Coordinate and review vendor artifacts
    • Communicate recommendations to stakeholders
    • Evaluate contractual (SOW, MSA, License) agreements for security and data protection controls
    • Perform ongoing risk assessments to ensure controls are in place
    • Document and communicate with business and IT regarding security risks and deficiencies
    • Collect necessary security and audit information from third parties, analyze it, and recommend control implementation
    • Develop standard operating procedures to mature the third-party risk management program
    • Coordinate compliance requirements and validate artifacts (SOC 2, security policies) for vendor risk

    RISK ASSESSMENTS:

    • Assist with security risk assessments against SOX, HIPAA, and any other compliance or regulatory requirements
    • Administer audit and security GRC tools to document, sustain and improve controls

    OFFSHORE RISK ASSESSMENTS:

    • Manage, monitor, and track offshore risk
    • Evaluate risk and coordinate reporting of offshore risk to government agencies
  • Qualifications

    WHAT IT TAKES TO CATCH OUR EYE

    • Bachelor’s degree in Computer Science, Engineering, Cyber Security, or a directly related field
    • Education requirements may be replaced with previous related work experience and cyber security certifications (CISSP, CISM, Security+, CEH, Azure Security Engineer, CSFA)
    • 2+ years working in the Cyber Security field
    • 2+ years of external or internal audit experience in IT systems
    • Experience with Third-Party Risk Assessments
    • Certification in: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor) or CGEIT (Certified in the Governance of Enterprise IT)
    • Ability to work independently across multiple organizations
    • Experience with PCI, SOX, NIST CSF (Cyber Security Framework), NIST 800-53, and NIST RMF is a plus
    • Understanding of PII, Privacy, and associated regulations (CCPA, COPPA, HIPAA, VCDPA, etc.)
    • Cyber risk assessments of cloud-based services (e.g. SaaS, IaaS, PaaS)
    • Experience with CPNI compliance is a plus
    • Experience working in OneTrust 3rd Party Risk Management
    • Experience in multiple domains of cyber security
    • Experience in network protection approaches and technologies
    • Working knowledge of standard computer software, including MS Office and Teams
    • Ability to work in a fast-paced environment with competing, time-sensitive priorities
    • Strong attention to detail to ensure that policies and standard procedures are followed
    • Excellent verbal and written communication skills
    • Experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practice/standards (e.g., NIST, ISO, PCI, SOC)
    • Written, oral, and presentation skills needed to communicate complex topics

     BONUS POINTS FOR:

    • ITIL (IT Infrastructure Library) Certification

     

    Additional Information

    WHY JOIN US?

    WE ASPIRE TO CONTEMPORARY WAYS OF WORKING.

    We are committed to being a leader in defining a new way to work because we recognize the changing mindset of today's workforce. We are opening a new, state-of-the-art corporate HQ in Charlotte, NC and our current priority is to make it a truly vibrant destination by hiring talent in the greater Charlotte area who are interested in a hybrid remote/office work arrangement. As always, however, we are also open to providing sensible remote options to talent outside of the Charlotte area. Why? Because our purpose is to reimagine how people work, learn, play and connect!

    WE OFFER COMPETITIVE COMPENSATION AND COMPREHENSIVE BENEFITS.

    Our benefits and paid time off programs reflect our underlying belief in promoting overall wellness through physical, emotional and financial health. We are committed to building a team as diverse as the customers we serve.

    DIVERSITY, EQUITY AND INCLUSION ARE AT THE CENTER OF OUR GROUNDING BELIEF IN BEING REAL. 

    When we bring our authentic selves to work, everyone is better as a result. A diverse team helps us be fierce advocates for more accessible, inclusive and high-quality internet, because we believe doing so promotes equity in the communities we serve.

    Brightspeed is an Equal Opportunity Employer