Cybersecurity Assessor

New York, NY
Full Time
Mid Level
 The Cybersecurity Assessor evaluates enterprise systems, networks, and applications to identify vulnerabilities, assess risks, and ensure compliance with security policies and regulatory standards. They provide actionable recommendations and collaborate with technical and business teams to strengthen security controls and reduce organizational risk.
 
Key Requirements
  • Expertise in GRC methodologies, security control auditing, and third-party risk assessments. Proven ability to interpret federal compliance mandates (NIST SP 800-53, 800-37) and evaluate technical and administrative controls. Strong competency in conducting "Security Impact Analyses" and managing Plan of Action and Milestones (POA&M) documentation. Compliance & Assessment Support: Conduct security and compliance assessments across internal systems and third-party vendors, supporting adherence to organizational and regulatory requirements.
  • Third-Party Risk Assessments: Evaluate the security practices of external service providers and assist with managing vendorrelated risks throughout the assessment of lifecycle.
  • Findings & Remediation Tracking: Analyze assessment results, document findings, and support remediation efforts by tracking issues and helping teams prioritize corrective actions.
  • Cross-Functional Coordination: Work with business and technical stakeholders to clarify compliance requirements and support the resolution of identified risks within accepted thresholds.
  • Risk Documentation & Reporting: Use risk management tools and reporting dashboards to maintain assessment documentation, track risk metrics, and contribute to security posture reporting.
  • Cross-Functional Synergy: Serve as a bridge between Business Analysts and Cybersecurity Engineers, translating compliance requirements into actionable remediation tasks while maintaining organizational risk thresholds.
  • GRC Tool Proficiency: Use industry-standard GRC platforms (e.g., Archer, ServiceNow) and Third-Party Risk tools (e.g., OneTrust, Prevalent) to centralize documentation and streamline assessment workflows.
  • Data-Driven Risk Reporting: Convert complex assessment findings into actionable insights with Power BI and Excel, maintaining dashboards that communicate enterprise security posture to stakeholders.
  • Security Control Execution & Validation: Perform daily RMF lifecycle control assessments, including evidence collection, walkthroughs, testing of technical/administrative controls, and POA&M tracking to ensure risk remains within tolerance.
 
Experience: 5+ years
Certifications: CISA, CRISC, CGEIT, CISSP, CompTIA Security+, CCSK, CAP/ISC2 CGRC
Technologies: GRC Platforms (Archer/ServiceNow), Third-Party Risk Tools (OneTrust/Prevalent), MS Excel (Advanced),
MS Power BI, MS Visio, JIRA, and Microsoft Office Suite.

“We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status”

Texting Privacy Policy

  • Message type: Informational; you will receive text messages regarding your application and potentially regarding interview scheduling.
  • No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
  • Message frequency will vary depending on the application process.Msg & data rates may apply.
  • OPT out at any time by texting "Stop".
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*