Job Details

ID #15342697
State Colorado
City Denver
Job type Permanent
Salary USD TBD TBD
Source Bank Of America
Showed 2021-06-11
Date 2021-06-10
Deadline 2021-08-09
Category Software/QA/DBA/etc
Create resume

Control Evaluation Analyst

Colorado, Denver, 80201 Denver USA

Vacancy expired!

Job Description:

The Control Evaluation Analyst is responsible for reviewing and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs,
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls

The analyst will be responsible for reviewing submissions and synthesizing threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
  • Direct experience with or familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Job Band:H5

Shift:1st shift (United States of America)

Hours Per Week:40

Weekly Schedule:

Referral Bonus Amount:0 >

Job Description:

The Control Evaluation Analyst is responsible for reviewing and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs,
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls

The analyst will be responsible for reviewing submissions and synthesizing threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
  • Direct experience with or familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Job Band:H5

Shift:1st shift (United States of America)

Hours Per Week:40

Weekly Schedule:

Referral Bonus Amount:0

Job Description:

The Control Evaluation Analyst is responsible for reviewing and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs,
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls

The analyst will be responsible for reviewing submissions and synthesizing threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with or exceptionally strong familiarity with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is highly desired
  • Direct experience with or familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Analyzes, improves, implements, and executes security controls proactively to prevent external threat actors from infiltrating company information or systems. Researches more advanced and complex attempts/efforts to compromise security protocols. Maintains or reviews security systems, assesses security policies that control access to systems, and provides regular status updates to the management team. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Shift:1st shift (United States of America)

Hours Per Week:40

Learn more about this role

Vacancy expired!

Subscribe Report job