Assessments & Exercises Associate

Embark on a journey to fortify our security framework, leveraging your skills in assessments and exercises. This role offers a platform to contribute to our relentless pursuit of cybersecurity excellence and resilience, presenting a unique chance to impact our strategic approach to risk management and operational integrity.

As an Assessments & Exercises Associate in Cybersecurity Technology and Controls Team, you will play a vital role in enhancing the firm's cybersecurity or resiliency posture. Use industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Collaborate with a team to conduct risk-driven tests and simulations and contribute to the development of assessment and test reports. Help evaluate preventative controls, incident response processes, and detection capabilities, and explore opportunities to automate evaluation operations.

Job responsibilities

• Collaborate with other Assessments & Exercises team members to conduct testing and simulations – including, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements
• Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Collaborate with cross-functional teams to analyze assessment outcomes and help develop recommendations
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, and industry best practices, and apply this knowledge to enhance the firm's security strategy and risk management

Required qualifications, capabilities, and skills

• 2+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises
• Working knowledge of common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
• Proficiency in at least one security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
• Strong collaboration and communication (written and verbal) skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts to diverse stakeholders

Preferred qualifications, capabilities, and skills

• Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Associate Business Continuity Professional (ABCP) – showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
• Knowledge/experience in modern programming language

#CTC