POSTED Mar 28

Cyber Security Analyst II _ GRC Specialist

PRIMARY FUNCTION:

The Cyber Security Analyst II – GRC (Governance, Risk and Compliance) Specialist is responsible for conducting risk assessments of enterprise-wide systems, applications, network and network connected devices to ensure compliance with the implementation and maintenance of controls mandated by Jefferson security policy and standards. The role requires partnership with IT, business owners, and third parties towards implementing a safe and secure solution. This position is intended to provide highly skilled compliance and information security expertise for assessing Jefferson’s compliance and risk posture related to its information assets. It also requires the support of cyber security initiatives through predictive and reactive analysis, articulating emerging trends to leadership and staff.

ESSENTIAL FUNCTIONS:

Performs risk assessments of Jefferson information computing assets and business processes to identify information security risks and regulatory non-compliance, and support remediation efforts
Ensures that risk assessments are conducted promptly with required completeness and accuracy
Provides strong customer service with third parties to cultivate relationship and ease of doing business
Provides guidance and support to IT and business to ensure continued compliance
Participates in projects to identify and validate critical controls to address IT and business risks and identified deficiencies

Provides support with Issues, Exception, and Incident Management, as needed
Participates in the creation and update of policies, procedures and standards to assure they are managed to support security, compliance and regulatory requirements
Endorses and supports a compliance culture
Promotes security awareness to the enterprise to reinforce workforce education on security standards, policies and best practices
Maintains familiarity with HIPAA and other Information Security regulations

OTHER FUNCTIONS AND COMPETENCIES:

Active team player in cyber security projects at Jefferson
Effective interaction skills in both oral and written communication
General concept and knowledge of Issue, Exception and Incident Management
Supports other information security operations as required _________________________________________________________________________

EDUCATIONAL/TRAINING REQUIREMENTS:

Bachelor’s degree in an information technology field preferred

_________________________________________________________________________

CERTIFICATES, LICENSES, AND REGISTRATION:

At least one information security certification, such as a SSCP, CISA, CISM, CISSP, CRISC, or professional certificate is a plus. ISACA certification is preferred.

_________________________________________________________________________

EXPERIENCE REQUIREMENTS:

At least five years’ experience in an information security function, ability to multi-task, a keen eye for detail, excellent follow-through, strong organizational skills, the ability to thrive in fast-paced, high-stress situations, ability to communicate cyber security issues to peers and management via oral and written format. 5+ years’ solid understanding of Cyber Security & IT controls, network / systems / application penetration testing and vulnerability assessments. Experience with NIST and ISO frameworks. Solid knowledge of HIPAA, HITECH, FERPA, and other IT security governing bodies. Experience working with a Governance Risk and Compliance tool is a plus.

View all jobs posted by this company

Apply Now!

Resume

You don't have a resume loaded to the system, so this application won't include any resume attachment. If you don't have a resume to upload, you can use the cover letter area below and include a link to your resume if you prefer.

Resume

Cover letter

My passion for cybersecurity stems from a lifelong fascination with technology and problem-solving. In my early education I was interested in attending conferences and seminars of Information Technology, I was always drawn to understanding how things worked and how to build them. This natural curiosity naturally gravitated towards the ever-evolving world of cybersecurity.
My experience as a Cybersecurity Engineer in the past of 2 years with various certifications, by attending workshops and current at Secure Point 360, LLC further solidified my desire for a STEM career. Here, I thrived in the fast-paced environment, identifying and mitigating security risks for clients. Managing and monitoring SP360 as the unified endpoint management and admin instilled the importance of continuous vigilance in safeguarding data across various platforms (cloud, endpoints, servers, SAST). These experiences not only honed my technical skills but also showcased the critical role cybersecurity plays in protecting our digital world.
I am confident that I can make a significant contribution to your team. I have attached my resume for your review and would be grateful for the opportunity to discuss my qualifications further. Thank you for your time and consideration.
URL: https://www.linkedin.com/in/kenvishah/

Cover letter

MANON GUEGUEN
Paris, France – +33627310646 – manongueguen@protonmail.com
I am an accomplished analyst combining an expertise in geopolitics and cybersecurity. This background gives me a unique perspective on the current threat landscape. When it comes to my career, I am willing to relocate as my first wish is to evolve in an international environment. Personality-wise, I am a very active person, stimulated by ever-changing situations and new encounters.
EXPERIENCE
ALMOND Sèvres, France
Cybersecurity consulting
Cyber Threat Intelligence Analyst
JANUARY 2023 – TODAY
● Develop a new CTI service from scratch (decision making regarding the roadmap, initiate new projects, design
technical, tactical, and strategic intelligence reports, developing working methodologies, leading meetings, create
synergies with the SOC/CERT team and other business units, participate in the commercial strategy)
● Writing of intelligence reports: retail and financial sectors, data breach, threat landscape analysis, APT, ransomware etc
(strong understanding of the evolution of techniques, tactics and procedures (TTPs), cyber kill chain reconstruction,
edit and review content to match high quality standards)
● Writing of briefings on cyber events to different types of publics: technical, non-technical, journalists, senior
executives and CEOs (be quick to verify real-time news, articulate complex information with clarity and brevity)
● Writing of analysis on complex geopolitical issues (critical thinking, elaborate visuals and infographics)
● Writing of a study on the insider threat (critical thinking, collect and analyze data)
● Technology policy (AI, cyber laws) and threat actors’ monitoring (curiosity, strong organizational skills)
● Training on the basics of cybersecurity: key concepts, cryptography, OWASP, OSI, TCP/IP, network layers… (high
learning ability)
● Investigating SIEM alerts (OSINT, process the alerts raised in the SOAR, qualify incidents, ensure the follow-up)
● Give presentations to clients and collaborators (strong interpersonal and networking skills, e.g. highlighting key
conferences from Botconf 2023)
INSEAD Fontainebleau, France
Education
Exam invigilator NOVEMBER 2022 – DECEMBER 2022
XMCO Paris, France
Cybersecurity consulting
Threat Intelligence Analyst JUNE 2022 – OCTOBER 2022
● Daily writing of cybersecurity newsletters and alerts (threat criticality assessment, cyber kill chain reconstruction,
monitoring open and closed intelligence sources, good contextual analysis skills)
● Follow-up with clients (ability to popularize complex ideas and concepts)
● Research, identification and qualification of fraud schemes (good investigative skills)
● Elaboration of an economic intelligence service
● Technology development and threat actors’ monitoring (identify relevant content and conferences)
● Acquisition of technical skills (bash, network architecture…)
BOULANGERIE BLOT Melun, France
Bakery shop
Saleswoman SEPTEMBER 2021 – MAY 2022
ADVINTEL New York City, United-States (Remote)
Cybersecurity consulting
Threat Intelligence Analyst Intern APRIL 2021 – AUGUST 2021
● Mastery of the intelligence lifecycle (OSINT, HUMINT, SIGINT) and threat prevention through investigations (strong
research capabilities to gather information from various sources)
● Intelligence research and analysis, cybercrime research and investigation, finished intelligence products for 450+
customers, data analysis (knowledge of different types of malware, botnet groups, ransomware syndicates, TTPs, cyber
fraud and loss prevention, well-developed investigative mindset, good understanding of underground forums)
EDUCATION
GRENOBLE-ALPES UNIVERSITY Grenoble, France
MASTER’S DEGREE IN INTERNATIONAL SECURITY AND DEFENSE 2020 – 2021
● Cybersecurity: application of international law to cyberspace, states’ cyber capabilities, analysis of the notion of
cyberwar, global growth of the cybersecurity market
● Geopolitics: thesis on the diplomatic and strategic stakes of China’s involvement in cyberspace
ÉCOLE D’URBANISME DE PARIS Champs-sur-Marne, France
MASTER’S DEGREE IN URBAN PLANNING 2019 – 2020
PARIS 1 PANTHÉON-SORBONNE UNIVERSITY Paris, France
BACHELOR’S AND MASTER’S DEGREE IN GEOGRAPHY 2013 – 2017
SKILLS AND INTERESTS
● Technical: Python (beginner), MITRE ATT&CK, Maltego, Office 365, Agile, Scrum, ArcGIS, QGIS
● Languages: French (native), English (TOEIC 2019: 915/990), Mandarin (B1), Spanish (B1), Russian (beginner)
● Interests: defense, politics, academic research (press, conferences, life-long learning)
● Volunteering: Cyber Peace Institute (conduct phishing exercices and cybersecurity awareness trainings

View all jobs