Support the identification, evaluation, treatment, and reporting of information security risks in alignment with business objectives, regulatory requirements, and industry frameworks such as NIST Cybersecurity Framework (CSF), NIST 800-53, ISO 27001, and internal security standards
Assist in areas such as governance, control assurance, policy compliance, third-party risk assessments, and remediation tracking
Participate in global IT risk management, cybersecurity compliance, and governance projects from planning through execution, reporting, and remediation tracking
Perform information security risk assessments for applications, infrastructure, cloud solutions, and business initiatives
Support control testing and compliance assessments against frameworks such as NIST CSF, NIST 800-53, ISO 27001, and internal policies
Assist with third-party/vendor cybersecurity risk assessments during onboarding and periodic reviews
Collaborate with business and IT teams to mitigate identified risks through practical and achievable action plans
Review work papers, planning documents, audit reports, and technical evidence to ensure accurate identification of risks and issues
Communicate findings in a timely manner and partner with control owners to develop remediation plans
Assist with security governance committees, metrics reporting, and risk dashboards
Develop and document risks for critical systems, crown jewel assets, cloud environments, and key business processes
Review IT processes for control weaknesses and non-compliance issues and initiate corrective actions
Provide support for Disaster Recovery, Business Continuity, and operational resilience planning
Assist in tabletop exercises, incident response governance, and lessons-learned remediation tracking
Assist with identity and access governance reviews including privileged access, segregation of duties, and user recertifications
Develop methods to monitor and measure risk, compliance, and assurance efforts using metrics and KPIs
Interpret and apply applicable laws, regulations, and industry requirements into security controls and policy requirements
Perform Security Site Assessments at manufacturing plants, warehouses, laboratories, and office locations to evaluate physical security, cybersecurity controls, network infrastructure, operational technology (OT) environments, and compliance with corporate security standards
Requirements
5+ years of experience in IT, cybersecurity, audit, risk management, or related discipline
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Business, or a related field preferred
Working knowledge of security frameworks such as NIST CSF, NIST 800-53, ISO 27001, and SOC frameworks
Experience supporting regulatory compliance programs such as SOX, PCI DSS, GDPR, or similar is a plus
Understanding of common security domains including IAM, network security, endpoint security, vulnerability management, logging/monitoring, and incident response
Familiarity with cloud security concepts for Azure, AWS, or Google Cloud is a plus
Experience using governance, risk, and compliance (GRC) tools such as AuditBoard, Archer, ServiceNow, OneTrust, or similar is preferred
Relevant certifications such as Security+, CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor are a plus
Tech Stack
AWS
Azure
Cloud
Cyber Security
ServiceNow
Benefits
Employee benefits programs designed to support health and well-being