Title: Risk Assessment – Security Specialist
Supervisor: Cybersecurity Service Manager
Status: Full Time, Exempt
Travel Requirements: Up to 50%
Location: Remote or Troy, NY
Position Description: The Risk Assessment – Security Specialist is an experienced cybersecurity professional with a working knowledge of information security concepts and functions. The individual is able to lead and implement a cybersecurity program and understands key business processes, including risk management and compliance. The Security Specialist leads the delivery of client solutions and acts as a trusted advisor in solving business-critical problems. This position is a critical member of a cybersecurity-focused business solution team composed of capable, high-caliber cybersecurity professionals. The ideal candidate thrives, excels and adapts easily in a fast-paced work environment.
Perform Service Delivery:
Lead controls-based gap assessments against frameworks such as NIST 800-53, NIST 800-171, NIST CSF, CIS, and HIPAA.
Lead risk workshops to score the probability and impact of various risks to the client's organization.
Present risks and risk mitigation strategies to Executive and Senior leadership.
Support senior team members as they advise and assist clients across a wide range of compliance and security domains, including risk assessment, governance, data classification, policies, controls and procedures, vendor management, awareness, incident response, penetration testing and vulnerability assessment.
Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders.
Plan, participate in, and lead security and compliance program development activities based on industry recognized standards (e.g. NIST 800-53, NIST 800-171, NIST CSF, CIS, HIPAA, PCI, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301).
Participate in and lead client conversations and interviews in a professional and meaningful way.
Participate in risk management activities to support creation and adoption of a risk management strategy.
Maintain a general knowledge of technical projects and their contributions to the cybersecurity lifecycle.
GreyCastle Security classifies this position as Moderate Risk, with a very likely potential to view, access, or download restricted information, private client information or internal data. This information must be treated with sensitivity and handled in the most secure manner defined in the Information Classification and Handling Standard policy.
Information security is everyone’s responsibility. GreyCastle Security employees are responsible for:
Understanding and following GreyCastle Security’s information security policies and procedures.
Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security.
Actively participating in GreyCastle Security’s effort to maintain and improve information security.
Ideal Skills, Experience, Competencies and Qualifications:
Bachelor’s Degree in Information Security, or equivalent professional experience in the cybersecurity industry.
3+ years of experience in the cybersecurity industry working with business customers.
Demonstrated proficiency in leading and supporting cybersecurity services, including but not limited to risk assessment, data classification, policy/standards procedure development, awareness, vendor risk management, incident response, vulnerability management and penetration testing.
Ability to lead the delivery of cybersecurity services, including but not limited to:
Policy/standards procedure development
Vendor risk management
Proven ability to support and/or lead services that meet industry-accepted standards and compliance frameworks such as HIPAA, NIST, ISO, etc.
Proficient with Microsoft programs and collaboration tools (e.g., Zoom, WebEx, Teams).
CompTIA Security+, CEH, CISM, or another security-related certification.
Supervisory Responsibility: This position has no supervisory responsibility.
Work Environment: This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the job, the employee will have prolonged periods of sitting at a desk and working on a computer while consistently repeating motions with wrists, hands, and/or fingers to operate computer and office equipment. The employee may occasionally lift and/or move in excess of 15 pounds. The employee will frequently communicate with others to exchange information, both verbally and in writing.
Position Type/Expected Hours of Work: This is a full-time position; hours and days of work are typically Monday through Friday, 8:00 a.m. to 5:00 p.m.
Please note that this job description is not designed to cover or contain a comprehensive listing of the activities, duties or responsibilities required of the employee for this job. Duties, responsibilities and activities may change at any time, with or without notice.