Vacancy expired!
Job Description:
The Control Evaluation Analyst is responsible for reviewing and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:- Ensure alignment of threats to existing Risk IDs,
- Identify and prioritize all in-scope controls
- Determine an Inherent Risk Rating
- Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
- Determine a Control Evaluation Rating and a Residual Risk rating
- Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
- Update the CTDO Resolution or QA team on any process updates received from control owners
- Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
- Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
- Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
- Reviewing existing process and control information as it relates to the threat from cyber assessments.
- Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
- Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
- Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise
- Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
- Direct experience with or familiarity with cybersecurity assessments and testing is highly desired
- The MITRE ATT&CK Framework is highly desired
- PRC and Single Process Inventory (SPI) Framework is desired
- Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
- Ensure alignment of threats to existing Risk IDs,
- Identify and prioritize all in-scope controls
- Determine an Inherent Risk Rating
- Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
- Determine a Control Evaluation Rating and a Residual Risk rating
- Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
- Update the CTDO Resolution or QA team on any process updates received from control owners
- Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
- Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
- Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
- Reviewing existing process and control information as it relates to the threat from cyber assessments.
- Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
- Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
- Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise
- Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
- Direct experience with or familiarity with cybersecurity assessments and testing is highly desired
- The MITRE ATT&CK Framework is highly desired
- PRC and Single Process Inventory (SPI) Framework is desired
- Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
- Ensure alignment of threats to existing Risk IDs,
- Identify and prioritize all in-scope controls
- Determine an Inherent Risk Rating
- Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
- Determine a Control Evaluation Rating and a Residual Risk rating
- Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
- Update the CTDO Resolution or QA team on any process updates received from control owners
- Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
- Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
- Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
- Reviewing existing process and control information as it relates to the threat from cyber assessments.
- Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
- Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
- Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise
- Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
- Direct experience with or familiarity with cybersecurity assessments and testing is highly desired
- The MITRE ATT&CK Framework is highly desired
- PRC and Single Process Inventory (SPI) Framework is desired
- Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
Vacancy expired!