Archer helps organizations manage risk in the digital era – uniting stakeholders, integrating technologies, and transforming risk into reward. As true pioneers in Integrated Risk Management (IRM) software, Archer remains solely dedicated to helping customers manage risk and compliance domains, from traditional operational risk to emerging issues such as ESG. With over 20 years in the risk management industry, the Archer customer base represents one of the largest pure risk management communities globally, with more than 1,200 customers including more than 50% of the Fortune 500.
As an Information Security Analyst, you will be a critical member of the Security Operations Team working to reduce the cyber risk surface area across the enterprise. This role specializes in risk management of information security issues such as securing customer-facing technologies and protecting customer information. You will work closely with other departments to identify, recommend, develop, implement, and support a risk-informed IT decision and action framework. We believe governance, risk, and compliance are key aspects of information security and are looking for a highly driven information technology professional to continue developing the Cyber Risk Management Program.
What you’ll do
- Work with various teams to identify and assess security risks
- Actively manage risks on the Cyber Risk Register from intake to resolution
- Develop regular cyber risk OKRs and KPIs to provide actionable insights to leadership
- Build relationships with business stakeholders across the organization to ensure remediation of cyber risk remains a priority.
- Develop security automation to make processes more efficient
- Communicate risk assessment findings with key stakeholders to develop and monitor risk remediation plans
- Represent the Security team in helping to identify and track remediation of cyber risks across the enterprise
- Update the cyber risk taxonomy as needed to ensure it continues to provide consistent, valid, and comparable results
- Perform ongoing risk assessments that meet regulatory and compliance framework requirements while aligning with industry leading information security practices and considering the impact to business operations
- Develop cyber risk portfolios to provide a more holistic view of teams’ risks
- React to reported cyber security risks or issues to help assess any potential threats to Archer
- Identify missing or insufficient controls through the risk management process
- Work closely with the Asset Manager to ensure criticality of assets is considered during risk assessment and remediation
- Work closely with appropriate teams to ensure compliance requirements are considered during risk assessment and remediation.
- Identify missing or insufficient controls and provide recommendations to Security governance.
- Work with organization stakeholders to develop and document risk tolerance thresholds
- Regularly report findings, risks, and recommendations
- Support the Security Team as needed through other duties that may be assigned
This might describe you
- Strong background in Information Security and Technology
- Strong analytical skills to manage technical and project management issues, as well as drive issues to closure
- Proactive problem-solving, negotiation, and decision-making skills to influence key stakeholders
- Self-starter, can see technical and administrative issues and bring them to the surface with recommendations for improvement
- Analytical and troubleshooting skills, demonstrating an aptitude for conducting quantitative and qualitative analysis of large and complex data
- Ability to work independently and as a team to deliver quality work
- Self-organized and able to participate in the project management process
- Attention to detail and the ability to prioritize work efficiently and effectively
- Ability to execute projects and tasks while juggling multiple priorities
- Strong communication and writing skills
- Experience working within information classification and/or data privacy frameworks
- An outgoing personality and enthusiasm interacting with others
- Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable
Pluses
- Bachelor’s degree in IT, computer science, information security or a related field
- Object oriented programming experience
- Scripting experience
- Experience working within a SOC
- Experience working with Antivirus solutions
- CISSP Certification or equivalent
- Experience building and implementing technical and risk management components within security systems
- Experience using ADO or equivalent framework
- Project management experience
- Working knowledge and experience with compliance and security frameworks such as ISO 27001, PCI DSS, GDPR, NIST, CIS and SANS Critical Controls