Senior GRC Analyst
Cantor Fitzgerald, New York City, NY, United States
The Information Security-GRC (Governance Risk and Compliance) Team is looking for an experienced risk and compliance professional to help drive the efforts across Cybersecurity controls framework initiatives, such as user access recertification, policy management, vendor assessment and client due diligence. This role will also be responsible furthering Cantor’s and its entities Cybersecurity control design model in alignment with industry frameworks. The role will also work closely with adjacent teams focused on standards, stakeholder assurance, and engagement with technology owners.
Qualification Requirements:
- 3-5 years of experience in risk and control management.
- 3-5 years of combined experience in areas such as audit, accounting, operational risk management, information technology/security.
- Knowledge of various risk and control framework standards such as NIST, COSO, CMMI, ISO, SOC1/2, CobiT, etc.
- Exposure to mapping cybersecurity control frameworks and risk management processes.
- Exposure to access management processes, such as user access recertification.
- Experience with RCSA (Risk Control Self-Assessment).
- Familiarity with cybersecurity controls and remediations.
- Experience with problem solving in a team environment by thinking outside of the box and providing innovative solutions, with and without technology.
- Experience in Microsoft 365 (Project, PowerPoint, Excel, Word)
- Public accounting "Big Four" audit experience preferred.
- CISA certification preferred.
- SOX experience preferred.
The expected base salary for this position ranges from $90,000 to $130,000. The actual base salary will be determined on an individualized basis considering a wide range of factors including, but not limited to, relevant skills, experience, education, and where applicable, licenses or certifications held. In addition to the base salary and a competitive benefits package, this position may be eligible for additional types of compensation including discretionary bonuses and other short and long-term incentives (e.g., deferred cash, equity, etc.).