Review, track/document and work through analyzing the root causes of incidents and anomalies within the enterprise cybersecurity program.
Implement robust research and monitoring processes to identify trends, themes and other causative elements.
Identify, develop, and prioritize cybersecurity program support and remediation actions according to business criticality.
Engage relevant stakeholders and escalate root cause analysis outcomes as appropriate.
Maintain relationships with key stakeholders and support other Cybersecurity GRC processes as applicable.
Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans.
Partner with security SMEs and stakeholders across the enterprise in conducting root cause analysis of security incidents, exceptions, and anomalies.
Requirements
Bachelor’s degree from an accredited college/university
At least two (2) relevant cybersecurity certifications (e.g., CISM, CISSP, CCSP, GIAC, CISA, CRISC).
5+ years working with global cybersecurity industry standards, frameworks, and regulatory requirements such as ISO-27001/2, PCI, CMMC, NYDFS, FFIEC, SWIFT, CTPAT
5+ years of experience working with the Microsoft Office/O365 Suite
5+ years of data management, analysis, transformation, systems workflow modeling and implementation
Big Four (4), or management/IT consulting experience is a plus.