Cyber Control Findings Analyst- (#CC)

Job Summary:Cyber Control Findings Analyst is responsible for reviewing, monitoring, and resolving security findings within an organization. Here are the typical duties and qualifications for this role:Typical Duties and Responsibilities: Risk and Vulnerability Assessments: Conduct risk and vulnerability assessments, validation testing, compliance reviews, and audits following NIST standards. ISO 27001 and SOC 2 Audits: Manage and support SOC 2 and global ISO 27001 audits. Promoting ISO 27001 Standards: Encourage widespread implementation of ISO 27001 standards. Central Repository for Audit Evidence: Maintain and monitor a central repository for audit evidence. Stakeholder Communication: Inform relevant stakeholders about important concerns and hazards. Collaboration with Departments: Work with corporate IT, procurement, and privacy departments to align with GRC (Governance, Risk, and Compliance) objectives. Stay Updated: Keep up-to-date with industry procedures and methods.Required Skills and Experience: Bachelor's degree in information cybersecurity, risk management, governance, or a related field. 5+ years of direct experience in information security, with a focus on risk and compliance. Expertise in conducting ISO 27001 and SOC 2 audits and handling audit responses. Knowledge of relevant regulatory compliance requirements (ISO 27001, SOC 2, NIST, FedRamp, CMMC, PCI, GDPR, etc.). Familiarity with identity management standards, cloud storage, and disaster recovery. Proficiency in GRC tools and best practices (e.g., ZenGRC, OneTrust, Archer). Strong attention to detail and effective communication skills.Preferred Qualifications:ISO 27001 Lead Auditor, CISA, CISM, or CISSP certificationLocation: New York, NYDuration: Long Term ContractDepartment: Information SecurityReports To: Cybersecurity ManagerDuration : 6 months with potential to extend full year. Onsite : 3 days a week Tue, Wed, Thursday