Summary

CACIB is seeking a highly motivated and detail-oriented Associate, Cyber Risk Management to join our growing cybersecurity and risk team. This role will play a central part in conducting internal cyber security reviews, including enterprise control and maturity assessments, as well as application level and third-party risk assessments. The ideal candidate will have hands-on experience performing cyber risk assessments and strong foundational knowledge of cybersecurity controls and frameworks.

Key Responsibilities

-       Plan, conduct, and document cyber risk assessments for internal applications, infrastructure, and networks

-       Perform cybersecurity reviews of third-party vendors as part of the onboarding and ongoing risk evaluation process

-       Perform control testing on cybersecurity and technology related controls to assess the design and effectiveness

-       Assess risk in alignment with control standards and business context, and evaluate control effectiveness using established frameworks such as NYDFS 500, NIST CSF, ISO27001, FFIEC, and CRI

-       Collaborate with internal stakeholders, including application owners, IT, and procurement, to gather risk related information, validate controls, and communicate results

-       Contribute to the ongoing development of cybersecurity policies, control requirements, and risk assessment procedures

-       Map and maintain controls to industry frameworks, and assist in interpreting requirements for new systems, vendors, or processes

-       Support efforts to improve the maturity and efficiency of the cyber risk assessment process, including process optimization and integration with Enterprise Risk Management Framework

Additional Responsibilities

-       Support the development of cyber risk metrics, dashboard, and reporting materials related to risk assessments or audits

-       Participate in internal readiness reviews and external audits as needed by providing evidence and control documentation

-       Help identify opportunities to streamline assessment workflows and improve consistency across risk domains

Required Qualitifications

-       2-5 years of experience in cyber risk management, IT risk, cybersecurity, or a related discipline

-       Familiarity with risk assessment frameworks (e.g., NIST RMF, FAIR, etc.)

-       Familiarity with cybersecurity principles, tools, and control frameworks (e.g., NIST CSF, CRI, CIS Controls)

Salary Range: $110k - $135k

#LI-DNI

Required:

Bachelor’s degree in cybersecurity, information technology, or related field

Preferred: 

·    Advanced studies in information security or risk management

CRISC, CISA certification or equivalent

·   2+ years in information security, risk management, or similar field

·   Analytical thinking - Strong ability to analyze technical and business risk with critical thinking

·   Risk based judgement - Ability to evaluate and prioritize risks based on likelihood, impact, and control effectiveness

·   Attention to detail – High level of precision in assessment documentation, issue tracking, and reporting

·   Communication skills – Effective verbal and written communication
·   Familiarity with risk assessment methodologies and cybersecurity frameworks (e.g., NIST CSF, ISO 27001, SIG, FFIEC)

·   Experience with third party / vendor risk assessment processes and due diligence

·   Strong organization skills with experience managing multiple tasks and assessments simultaneously  

·   Proficiency with reporting tools (e.g., Excel) and GRC platforms

·   Knowledge of application security concepts and cloud security

·   Understanding of regulatory environments such as NYDFS, SOX, SOC1 & 2 as they relate to cybersecurity