Title: Risk Assessment – Security Specialist
Supervisor: Cybersecurity Service Manager
Status: Full Time, Exempt
Travel Requirements: Up to 50%
Location: Remote or Troy, NY
We are always on the lookout for top talent to join our team! Although we don't have any current openings at the moment, we are growing and an opening may become available in the near future. Apply today and be our first callback when a position becomes available.
The Risk Assessment – Security Specialist is an experienced cybersecurity professional who has knowledge of information security concepts and functions. The individual has the capability to lead and implement a cybersecurity program and understands key business processes including risk management and compliances. The Security Specialist leads the delivery of client solutions and acts as a trusted advisor to help solve business-critical problems. This position is a critical member of a cybersecurity-focused business solution team, composed of capable and high-caliber cybersecurity professionals. The ideal candidate thrives, excels and easily adapts in a fast-paced work environment.
- Perform Service Delivery:
  - Lead controls-based gap assessments for frameworks such as NIST 800-53, NIST 800-171, NIST CSF, CIS, and HIPAA.
  - Lead risk workshops to score the probability and impact of various risks to the client’s organization.
  - Present risks and risk mitigation strategies to Executive and Senior leadership.
  - Support senior team members as they advise and support Clients in a wide range of compliance and security domains, including risk assessment, governance, data classification, policies, controls and procedures, vendor management, awareness, incident response, penetration testing and vulnerability assessment.
  - Produce detailed findings and recommendations, and deliver those findings to senior management, board members and key stakeholders.
  - Plan, participate in, and lead security and compliance program development activities based on industry-recognized standards (e.g. NIST 800-53, NIST 800-171, NIST CSF, CIS, HIPAA, PCI, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 22301).
  - Participate in and lead Client conversations and interviews in a professional and meaningful way.
  - Participate in risk management activities to support the creation and adoption of a risk management strategy.
  - Have a general knowledge of technical projects and their contributions to the cybersecurity lifecycle.
Ideal Skills, Experience, Competencies and Qualifications:
- GreyCastle Security considers this position as Moderate Risk with a very likely potential to view, access, or download restricted information, private client information or internal data. This information must be treated with sensitivity and in the most secure manner defined in the Information Classification and Handling Standard policy.
- Information security is everyone’s responsibility. GreyCastle Security employees are responsible for:
  - Understanding and following GreyCastle Security’s information security policies and procedures.
  - Remaining vigilant and reporting any suspicious activity or possible weaknesses in GreyCastle Security’s information security.
  - Actively participating in GreyCastle Security’s effort to maintain and improve information security.
- Bachelor’s Degree in Information Security or equivalent professional experience in the cybersecurity industry.
- 3+ years of experience in the cybersecurity industry working with business customers.
- Demonstrated proficiency in leading and supporting cybersecurity services, including but not limited to risk assessment, data classification, policy/standards procedure development, awareness, vendor risk management, incident response, vulnerability management and penetration testing.
- Ability to lead delivery of cybersecurity services, including but not limited to:
  - Risk assessment
  - Data classification
  - Policy/standards procedure development
  - Vendor risk management
  - Incident response
  - Vulnerability management
  - Penetration testing
This position has no supervisory responsibility.
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the job, the employee will have prolonged periods of sitting at a desk and working on a computer while consistently repeating motions with wrists, hands, and/or fingers to operate computer and office equipment. The employee may occasionally lift and/or move in excess of 15 pounds. The employee will frequently communicate with others to exchange information, both verbally and in writing.
- Proven ability to support and/or lead services to meet industry-accepted standards and compliance frameworks such as HIPAA, NIST, ISO, etc.
- Ability to clearly communicate and present to senior and board-level professionals.
- Ability to perform:
  - Professional and engaging presentations.
  - Critical thinking and problem-solving.
- Proficient with Microsoft programs and collaboration tools (e.g., Zoom, WebEx, Teams).
- CompTIA Security+, CEH, CISM, or other security-related certification.
Position Type/Expected Hours of Work
This is a full-time position, and hours and days of work are typically Monday through Friday, 8:00 a.m. to 5:00 p.m.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Equal Opportunity Employer
GreyCastle Security provides equal employment opportunity to all applicants and employees without regard to age, color, disability, gender, marital status, national origin, race, religion, sexual orientation, gender identity and expression, physical or mental disability, genetic predisposition or carrier status, or any other characteristic protected by law in accordance with all applicable federal, state, and local laws. GreyCastle Security provides equal employment opportunity in all aspects of employment and employee relations, including recruitment, hiring, training and development, promotion, transfer, demotion, termination, layoff, compensation, benefits, and all other terms, conditions, and privileges of employment in accordance with applicable federal, state, and local laws.