Phyton Talent Advisors
Cyber Security Consultant
Phyton Talent Advisors, New York, New York, US, 10261
Our Client, a Global Investment Bank, is seeking a Cyber Security Consultant in their New York, NY location.
Responsibilities:
Perform detailed cybersecurity risk assessments for applications, ensuring alignment with Governance, Risk, and Compliance (GRC) frameworks.
Recommend and evaluate security controls across various domains, including IAM, endpoint security, network security, application security, cloud security, vulnerability management, configuration management, and DLP controls.
Review and provide advisory on security architecture design documents to ensure compliance with organizational and regulatory standards.
Assess and document compliance with bank security policies, procedures, and controls while identifying gaps and providing actionable recommendations to stakeholders.
Support GRC initiatives by aligning risk assessments with enterprise risk management and regulatory compliance requirements.
Collaborate with team members but demonstrate the ability to work independently on most projects.
Evaluate and validate evidence (e.g., policies, reports, and procedures) regarding security controls, testing, and GRC metrics.
Communicate identified risks, including their business impact, to stakeholders and provide recommendations for mitigation strategies.
Prepare and present risk assessment findings and GRC reports to management and relevant committees.
Conduct and document third-party vendor security risk assessments, ensuring alignment with GRC frameworks, and work with relationship managers to address critical and high-risk issues.
Ensure compliance with enterprise policies, procedures, and applicable regulatory requirements.
Support GRC reporting processes, including the creation of dashboards and key performance indicators (KPIs).
Must-Have Skills/Requirements:
Cybersecurity and GRC Experience: 5-8 years of IT security analysis experience, with hands-on involvement in GRC frameworks and tools.
Threat and Risk Assessment Expertise: Proven experience conducting cybersecurity threat and risk assessments, incorporating GRC principles, with at least one project within the past 3 years.
Technical Knowledge:
Strong understanding of security controls and mechanisms across IT environments.
Experience with GRC tools and platforms to document and manage risks, policies, and compliance activities.
Familiarity with regulatory requirements, such as GDPR, CCPA, PCI DSS, and SOX.
MS Office Proficiency: Advanced knowledge of MS Office, with a strong preference for extended experience in MS Excel (e.g., pivot tables, macros).
Key Skills:
Expertise in cybersecurity control testing and GRC integration.
Familiarity with cybersecurity audit and risk management methodologies.
Strong communication skills to translate technical findings into business impacts.
Ability to prioritize assessments, manage tasks independently, and provide proactive updates to management.
Detail-oriented, resourceful, and team-oriented with a professional attitude.
Nice-to-Have Skills:
Experience in financial services, with a focus on regulatory compliance and GRC integration.
Proficiency in advanced MS Excel functions and reporting.
Educational Qualifications:
Bachelor's or Master's degree in IT, Cybersecurity, or a related field (preferred).
CISSP certification (ISC2 Associate or fully certified) is required.
Certifications related to GRC (e.g., CRISC, CISA, or CGEIT) are highly desirable.