Resiliency LLC

Cybersecurity & Technology Risk Compliance Analyst (Must have Financial Service

Resiliency LLC, Tampa, FL



Principal Responsibilities:
• Perform mapping of regulatory requirements to policies, procedures, industry standards, frameworks, and existing controls
• Review policies and procedures that demonstrate compliance with regulatory requirements and work to address gaps and inconsistencies.
• Continue to develop and maintain a comprehensive library of applicable cybersecurity laws and regulations, as well as requirements and resulting controls.
• Monitor regulatory trends, guidance and new regulations which impact cybersecurity and require enhancements to the existing control framework.
• Prepare reports on the status of the program to appropriate governance structure(s) and senior management.
• Support the facilitation of impact assessments to evaluate new or changing regulations and readiness for compliance.
• Evaluate new initiatives and business ventures to identify and evaluate compliance requirements and readiness.
• Develop action plans for development and enhancement of cybersecurity controls and provide ongoing support and monitoring of the implementation of those controls.
• Evaluate policies and procedures to identify and address any compliance gaps or inconsistencies within the control framework and alignment with applicable regulations.
• Understand cyber and IT best practices, including knowledge of frameworks, guidelines, and regulations (e.g., NIST Cybersecurity Framework, FFIEC, NYSDFS).
• Ensure cybersecurity and technology risk management meets all industry regulations, standards, and compliance requirements.

Qualifications
• 5+ years' experience; prior experience in risk management, legal, compliance or auditing preferred
• Bachelor's degree preferred; advanced degree and/or certification a plus
• College Degree in Business Management / Computer Science [or related field preferred]
• CISA, CISM, CISSP, CRISC or equivalent certification

Specific Qualifications
• Proficient in PowerPoint, Excel and Word
• Knowledge of financial services laws and regulations, particularly in the securities markets
• Experience working at or with financial services regulators (e.g. SEC, FRB, NYSDFS, CFTC, ESMA, etc.) is highly desirable
• Previous audit experience preferred.
• Familiarity with ISO/IEC 27001/27002:2013, NIST Cybersecurity Framework, NIST Special Publication (SP) 800-53 or other cyber, technology, financial services guidelines, frameworks and regulations is required.
• Expert writing skills to support thorough documentation and communication of information security principles.
• Intermediate-level experience with Microsoft Excel, including the ability to create metrics.
• Understand the concepts of information technology risk and the different elements required to mitigate risk.
• Knowledge of basic compliance principles and standards, including industry best practices and compliance controls
• Proven knowledge of technical infrastructure, networks, databases and systems and how they affect an organization's cybersecurity and technology risk
• Ability to work efficiently and independently with minimal supervision (i.e., self-motivated, proactive, and willing to stretch to meet important deadlines).