Vacancy expired!
Job Description:
The Senior Control Evaluation Analyst is responsible for and/or coordinates Control Evaluation team work to review and understand triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
- Ensure alignment of threats to existing Risk IDs
- Identify and prioritize all in-scope controls
- Determine an Inherent Risk Rating
- Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
- Determine a Control Evaluation Rating and a Residual Risk rating
- Transmit completed control evaluations to the Cyber Threat Defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
- Update the CTDO Resolution or QA team on any process updates received from control owners
- Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
- Assist the Control Evaluation Team lead and CTDO leaders in identifying and pursuing/implementing opportunities for improvement in the Control Evaluation function as well as the larger Cyber Threat Defense Framework
- Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution of the control evaluation function
- Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
- Reviewing existing process and control information as it relates to the threat from cyber assessments.
- Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as they relate to the threat for consumption by other GIS partners.
- Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
- Ensuring the Control Evaluation function maintains an accurate, up-to-date and accessible report on the status of its work
- Ensuring the Control Evaluation function meets all SLAs/timelines
- Ensuring the Control Evaluation function effectively captures and warehouses all relevant control information for re-use and application in broader GIS/CSD efforts
- Assisting with the development and maturation of the Control Evaluation function, to include the establishment and development of relationships with assessment and testing teams and the development of technology solutions
- Representing the Control Evaluation function as proxy for team lead
- Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise
- Direct experience with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is required
- Direct experience with or strong familiarity with cybersecurity assessments and testing is highly desired
- Knowledge of the MITRE ATT&CK Framework is highly desired
- Knowledge of PRC and Single Process Inventory (SPI) Framework is desired
- Knowledge of information security frameworks such as NIST CSF (Cybersecurity Framework) and FFIEC CAT is desired
- Experience with risk analysis, risk models, risk quantification and risk score development is desired
- Previous team leadership is desired