Gravity IT Resources
Job Title: Cyber Security/Information Policy Analyst
Referral Fee: +/- $1500
Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).
Gravity is looking for a Cybersecurity/Information Security Policy Analyst who will oversee and support critical Cyber Security, IT Security and GRC initiatives for our client. The position will be responsible for developing Cyber Security and IT security policy, ITGC control validation, and procedures deliverables.
The successful candidate will also be expected to be an expert in IT security, offering recommendations on projects to ensure compliance with regulatory standards, policy, and IT security metrics.
Our client is a nationwide mortgage banker that offers a wide variety of home loan products. It is licensed in over 45 states and is one of the largest non-bank originators.
Duties & Responsibilities:
- Manage, plan, lead, develop, and assist in the coordination and communication of new policies and procedures relevant to the implementation of security guidance and solutions
- Document current state policy and procedures, research best practices, identify gaps, and develop target state for IT security oversight process
- Provide cybersecurity technical control advisory on regulatory requirements regarding financial practices, relevant strategic initiatives, and emerging technologies/trends
- Develop controls referential to security architectures and strategies, technical standards, and requirements related to information system security projects
- Create customized ISP policy controls aligned with the NIST 800-53 control set, with emphasis on NPI and PII data
Required Experience & Skills:
- CGEIT, CISSP or similar certification preferred
- At least 2 years of experience in cybersecurity policy development and NIST 800-53 control activities
- Bachelor's degree in Cybersecurity, Computer Science, Engineering, Management Information Systems or equivalent
- Deep understanding of compliance requirements, standards, and guidelines governing security within the Financial, State and Federal (e.g. NIST publications, NYDFS, FFIEC, SOX)
- Deep understanding of NIST Special Publications; NIST 800-53 rev 4, 800-series
- Familiarity with the System Development Lifecycle (SDLC) and how to implement security into the process properly
- Experience with developing IT security metrics to facilitate compliance with Federal guidelines