Simpson Thacher & Bartlett LLP

Analyst, Cyber Risk

  • Full Time
  • $100,000 - $130,000
  • New York, NY
May 1, 2025

Job Description

Job Summary & Objectives

The Analyst, Cyber Risk, will implement defined metrics for various functions within Information Technology and Information Security. The person in this role will be responsible for implementing and maintaining cyber risk metrics and reporting for all levels of management. This includes measurement of cyber control compliance, analysis of available data points, identification of required data points for meaningful metrics, and professional presentation of results. The candidate will also be involved in other cyber risk analysis objectives such as, but not limited to, controls testing, documentation administration, security awareness tracking and reporting, third party risk administration, incident response, and overall risk reporting.

The ideal candidate is an experienced professional with a strong background in data analytics as well as presenting reports in a clear, concise, and consumable fashion. They will possess some knowledge of industry frameworks such as NIST, ISO, and SOC, along with strong analytical skills, attention to detail, and the ability to collaborate cross-functionally with other IT security teams. They will also have working knowledge of, and experience with, integration and automation of varying tools and data structures.

Essential Job Duties & Responsibilities

  • Create and implement cyber security metrics across multiple platforms
  • Maintain controls inventory following a defined controls management methodology.
  • Provide compliance reporting against policies and standards.
  • Maintain administration of documentation update cycles and associated reporting
  • Collaborate with several IT and IS teams for generation of new metrics and updates to existing metrics.
  • Provide suggestions for improvement on consolidation and ease of metrics generation.
  • Present reports to management with suggestions on continuous improvement.
  • Test and maintain accuracy of metrics data points and logic at regular intervals.
  • Provide support on security awareness activities where required.
  • Support incident response activities and administration.
  • Create automation for metrics generation and process improvement.
  • Understand and coordinate integration of various tools for data analytics.
  • Coordinate incident response activities when required.
  • Support third party administration activities such as inventory management and risk metrics.
  • Manage risk register workflow and remediation activities.
  • Create dashboards for leadership consumption and aid in budget and roadmap decision making.

Education

  • Bachelor’s degree or related experience desired

Preferred

  • Professional certifications, such as CompTIA Security+, CompTIA Cybersecurity Analyst, GIAC Security Essentials

Skills and Experience

  • 5+ years of experience in information security, with at least 2 years of experience in data analytics and reporting
  • Basic understanding of cybersecurity frameworks (NIST, ISO 27001, SOC, CIS Controls)
  • Proficient understanding of programming languages and reporting tools
  • Basic understanding of controls framework and compliance testing programs
  • Must be able to work collaboratively in a team environment and independently
  • Ability to handle multiple requirements from various process owners
  • Experience with system and tools automation techniques and

Preferred

  • Scripting and programming languages such as Python and JavaScript

Physical Demands (required to perform essential job functions)

Sedentary work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

  • Sitting: Remaining in the seated position, particularly for sustained periods of time
  • Walking: Moving about on foot to accomplish tasks, particularly for long distances or moving from one work site to another
  • Lifting: Raising objects from a lower to a higher position or moving objects horizontally
  • Carrying: Transporting an object, usually holding it in the hands or arms, or on the shoulder
  • Pulling/Pushing: Using upper extremities to exert steady force upon an object so that the object moves toward or away from the force
  • Bending/Stooping/Kneeling/Crouching: Bending body downward and forward by bending legs and spine, or by bending legs at knees
  • Reaching: Extending hand(s) and arm(s) in any direction

Work Environment

The worker is not substantially exposed to adverse environmental conditions, as in typical office or administrative work (normal light, air and space in the work environment).

Salary Information

NY Only: The estimated base salary range for this position is $100,000 to $130,000 at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not overtime pay eligible.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, gender identity or expression, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, veteran’s status or any other legally protected status. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.

#LI-Hybrid
