Staff Cyber Risk Analyst (3rd party)
About Us
Diligent is the global leader in modern governance, providing SaaS solutions across governance, risk, compliance, audit and ESG. Empowering more than 1 million users and 700,000 board members and leaders with a holistic view of their organization’s GRC practices so they can make better decisions, faster. No matter the challenge.
At Diligent, you are an agent of positive change. You are joining a team of passionate, smart, creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. Be a part of a global community on a mission to make a real impact.
Learn more at diligent.com.
Position Overview:
As a Staff Cyber Risk Analyst, you will be a key member of the Cyber Risk Management team that identifies, tracks, monitors and advises on security risks both operationally and for third-party vendors. The team is responsible for implementation of proactive security risk management programs, and you will have a range of tools for delivery and automation at your disposal. You will engage with groups across Security, Engineering, Technology, and Commercial to identify, assess, measure, and treat security risk. You will also participate in annual and ad-hoc risk assessments, perform continuous monitoring of remediation plans, and be expected to make recommendations for process improvement. As part of this role, you will have the opportunity to develop key metrics for monitoring third parties (vendors) and communicating operational risk. You will also present these metrics to management stakeholders.
This role requires good analytical, organizational and communication skills (internal, external, and to various levels of leadership), highly developed problem solving and project management skills.
Key Responsibilities:
- Perform third-party (vendor) risk, business impact, and security risk assessments.
- Identify, review, assess, and recommend treatment options for operational and third-party risks.
- Gather, analyze, and report on operational risk assessment metrics.
- Conduct security awareness and phishing simulation campaigns.
- Contribute to security awareness, policies and standards, and security controls documentation.
- Communicate risk to business stakeholders.
- Develop risk treatment plans with risk owners to mitigate operational risks.
- Identify areas for process improvement or automation.
- Other security awareness and risk management tasks as they arise, in support of the Security program.
Required Experience/Skills:
- 7+ years in Information Security related positions.
- 5+ years of Cyber Risk Management experience including familiarity with risk management methodologies and risk register maintenance.
- Familiarity with security frameworks (e.g. NIST Cybersecurity framework)
- An analytical mind with excellent problem-solving ability.
- Outstanding communication and organization skills.
- Effective use of analogies, visuals, and other techniques to tailor communications to specific audiences.
- Able to produce advanced reporting.
Preferred Experience/Skills
- Professional security certifications (e.g. CISSP, CISA/CISM, CRISC)
- Experience working within SaaS enterprises.
- Amazon Web Services (AWS) c
What Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., Baltimore, London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected].
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.