Summary

CACIB is seeking a highly motivated and detail-oriented Associate, Cyber Risk Management to join our growing cybersecurity and risk team. This role will play a central part in conducting internal cyber security reviews, including enterprise control, application level, and maturity assessments. The ideal candidate will have hands-on experience performing cyber risk assessments and strong foundational knowledge of cybersecurity controls and frameworks.

Key Responsibilities

• Plan, conduct, and document cyber risk assessments for internal applications, infrastructure, and networks
• Perform control testing on cybersecurity and technology related controls to assess the design and effectiveness
• Assess risk in alignment with control standards and business context, and evaluate control effectiveness using established frameworks such as NYDFS 500, NIST CSF, ISO27001, FFIEC, and CRI
• Collaborate with internal stakeholders, including application owners, IT, and procurement, to gather risk related information, validate controls, and communicate results
• Contribute to the ongoing development of cybersecurity policies, control requirements, and risk assessment procedures
• Map and maintain controls to industry frameworks, and assist in interpreting requirements for new systems, vendors, or processes
• Support efforts to improve the maturity and efficiency of the cyber risk assessment process, including process optimization and integration with Enterprise Risk Management Framework

Additional Responsibilities

• Coordinate issue management and remediation, ensuring timely resolution of identified security risks and issues
• Participate in internal readiness reviews and external audits as needed by providing evidence and control documentation
• Perform quality assurance checks on risk assessments and documented control gaps
• Support cybersecurity training and awareness initiatives to promote best practices across the organization
• Help identify opportunities to streamline assessment workflows and improve consistency across risk domains

Required Qualifications

• 2-5 years of experience in cyber risk management, IT risk, cybersecurity, or a related discipline
• Familiarity with risk assessment frameworks (e.g., NIST RMF, FAIR, etc.)
• Familiarity with cybersecurity principles, tools, and control frameworks (e.g., NIST CSF, CRI, CIS Controls)

Salary Range: $110k-$135k

#LI-DNI

Education Essential: Bachelor’s degree in cybersecurity, information technology, or related field 

Education Desirable: 

• Advanced studies in information security or risk management
• CRISC, CISA certification or equivalent

Experience Essential: 2+ years in information security, risk management, or similar field

Competencies Essential: 

• Analytical thinking - Strong ability to analyze technical and business risk with critical thinking
• Risk based judgement - Ability to evaluate and prioritize risks based on likelihood, impact, and control effectiveness
• Attention to detail – High level of precision in assessment documentation, issue tracking, and reporting
• Communication skills – Effective verbal and written communication

Skills & Knowledge Essential: 

• Familiarity with risk assessment methodologies and cybersecurity frameworks (e.g., NIST CSF, ISO 27001, SIG, FFIEC)
• Experience with third party / vendor risk assessment processes and due diligence
• Strong organization skills with experience managing multiple tasks and assessments simultaneously  

Skills & Knowledge Desirable:

• Proficiency with reporting tools (e.g., Excel) and GRC platforms
• Knowledge of application security concepts and cloud security
• Understanding of regulatory environments such as NYDFS, SOX, SOC1 & 2 as they relate to cybersecurity