Cyber Security Governance

and The Company

**Are you looking to join an organization that is growing and dynamic? What about a high-energy, collaborative environment that rewards hard work?**

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk. Our professionals serve as trusted advisors to organizations facing high-stakes events demanding urgent attention, staunch integrity, clear-cut analysis, and an understanding of both tangible and intangible assets. The firm provides a comprehensive suite of services, products, and data that enable clients to navigate complex, contentious, and often catastrophic situations**. **We have over 100 locations worldwide. We are highly committed to all members of our community, both employees and clients. Our organization focuses on promoting a sense of community and inspiring our people to achieve results that exceed goals.

The Team and Job Summary

**_ Please submit your resume in English._**

Job Responsibilities

The Cyber Security Governance & Risk Analyst will support the GRC Team to drive the design, implementation, and ongoing delivery of:

- Formal Cyber Security Risk Management.
- Cyber Security Policies.
- Cyber Security Compliance.
- Participate in the review and assessment of third-party vendor security controls to ensure compliance with Cyber Security standards.
- Third Party Risk Assessments.
- DR/BCP.
- Help monitor and ensure compliance with relevant regulatory requirements, such as GDPR, HIPAA, ISO 27001, CMMC, NIST CSF.
- Support the development of training and awareness programs for employees to promote a security-conscious culture and adherence to J.S. Held
- Assist in coordinating internal and external audits and examinations related to Compliance and Cyber Security
- Aid in the preparation and presentation of GRC reports, metrics, and key performance indicators as needed.
- Coordinate annual external penetration test and security assessments utilizing 3rd party.
- Contribute to incident response activities, including updating the directory, documenting and reporting security incidents, and participating in post-incident analysis to identify areas of improvement.
- Stay updated on emerging Cyber Security trends, regulatory changes, and industry standards to assist in keeping the organization's GRC practices current and effective.
- Asset Compliance Management.

Required Qualifications
- Professional Level / Full English Fluency (B2).
- Experienced building and executing technology risk frameworks, assessments, reports, metrics, KRIs, and utilizing risk management tools to analyze and model risk. Ability to align frameworks and policies to address requirements from frameworks like COBIT, NIST CSF and ISO, and regulations such as GDPR, HIPAA NY-500, and CCPA.
- Experience designing and evaluating Cyber Security processes, risks, and controls.
- Technical knowledge of Azure, Azure AD, O365, Windows 10/11, iOS, and technical controls us to secure Technology assets (Data, Client and Server OS, Network, Applications, SaaS, IaaS, etc.)
- Hands-on Cyber Security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Strong oral and written communications skills appropriate for interacting with all levels of staff, vendors, and other stakeholders.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Proficiency in analyzing security risks, vulnerabilities, and controls within an IT environment.
- Capability to work on multiple tasks with shifting and sometimes conflicting priorities.
- Able to work effectively with other departments to develop effective and efficient solutions.
- Experience designing and implementing information technology processes.
- Demonstrated experience successfully collaborating with remote colleagues.
- Experience working with vendors or managing vendor relationships.
- Experience collaborating with Application, Infrastructure, Network, HelpDesk, and Security teams.
- Ability to deal with ambiguity and flexibility to work collaboratively with others in a dynamic environment.

Preferred Qualifications
- Bachelor’s degree in Computer Science or similar.
- Minimum 8 years of experience in IT Audit, Risk Management or Compliance
- 5+ years (required) Cyber Security
- 3+ years (required) Cyber Security - Governance, Risk and Compliance (GRC)
- Professional certifications such as CISA, CompTIA Security+, COBIT, CISM are a plus.

Physical and Mental Job Qualifications
- Prolonged periods sitting at a desk and working on a computer.

J.S. Held is dedicated to becoming the global leader in providing multi-disciplinary consulting services to the construction, government, healthcare, industrial, insurance, energy, legal, and technology, communities. We have diver