Logo
Phyton Talent Advisors

Phyton Talent Advisors is hiring: Cyber Security Consultant in New York

Phyton Talent Advisors, New York, NY, United States


Our Client, a Global Investment Bank, is seeking a Cyber Security Consultant in their New York, NY location.

Responsibilities:

  • Perform detailed cybersecurity risk assessments for applications, ensuring alignment with Governance, Risk, and Compliance (GRC) frameworks.
  • Recommend and evaluate security controls across various domains, including IAM, endpoint security, network security, application security, cloud security, vulnerability management, configuration management, and DLP controls.
  • Review and provide advisory on security architecture design documents to ensure compliance with organizational and regulatory standards.
  • Assess and document compliance with bank security policies, procedures, and controls while identifying gaps and providing actionable recommendations to stakeholders.
  • Support GRC initiatives by aligning risk assessments with enterprise risk management and regulatory compliance requirements.
  • Collaborate with team members but demonstrate the ability to work independently on most projects.
  • Evaluate and validate evidence (e.g., policies, reports, and procedures) regarding security controls, testing, and GRC metrics.
  • Communicate identified risks, including their business impact, to stakeholders and provide recommendations for mitigation strategies.
  • Prepare and present risk assessment findings and GRC reports to management and relevant committees.
  • Conduct and document third-party vendor security risk assessments, ensuring alignment with GRC frameworks, and work with relationship managers to address critical and high-risk issues.
  • Ensure compliance with enterprise policies, procedures, and applicable regulatory requirements.
  • Support GRC reporting processes, including the creation of dashboards and key performance indicators (KPIs).

Must-Have Skills/Requirements:

  • Cybersecurity and GRC Experience: 58 years of IT security analysis experience, with hands-on involvement in GRC frameworks and tools.
  • Threat and Risk Assessment Expertise: Proven experience conducting cybersecurity threat and risk assessments, incorporating GRC principles, with at least one project within the past 3 years.

Technical Knowledge:

  • Strong understanding of security controls and mechanisms across IT environments.
  • Experience with GRC tools and platforms to document and manage risks, policies, and compliance activities.
  • Familiarity with regulatory requirements, such as GDPR, CCPA, PCI DSS, and SOX.
  • MS Office Proficiency: Advanced knowledge of MS Office, with a strong preference for extended experience in MS Excel (e.g., pivot tables, macros).

Key Skills:

  • Expertise in cybersecurity control testing and GRC integration.
  • Familiarity with cybersecurity audit and risk management methodologies.
  • Strong communication skills to translate technical findings into business impacts.
  • Ability to prioritize assessments, manage tasks independently, and provide proactive updates to management.
  • Detail-oriented, resourceful, and team-oriented with a professional attitude.

Nice-to-Have Skills:

  • Experience in financial services, with a focus on regulatory compliance and GRC integration.
  • Proficiency in advanced MS Excel functions and reporting.

Educational Qualifications:

  • Bachelors or Masters degree in IT, Cybersecurity, or a related field (preferred).
  • CISSP certification (ISC2 Associate or fully certified) is required.
  • Certifications related to GRC (e.g., CRISC, CISA, or CGEIT) are highly desirable.