.Job DescriptionWorking as part of the Regional Information Security Office within the IT department, the Sr Cyber Risk and Assurance Specialist will be responsible for supporting the day-to-day IT Security Governance, Risk and Compliance management functions. The role will include primary responsibility for managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.Key ResponsibilitiesCollaborate to define IT security standards and develop supporting organizational policies.Support IT security compliance assessments on new and existing systems, processes, and technology.Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.Work with various business units to ensure controls are adequate, appropriate, and effective.Support internal and external audit processes for relevant IT Security concerns including PCI-DSS, SOX.Perform business impact analysis and assist with the development of IT/InfoSec risk register.Interface with global IT and business partners to provide guidance and support about the IT Security landscape.Perform periodic gap assessments to validate compliance on an ongoing basis.Stay up to date and informed on developing regulatory concerns and changing regional IT and information security risk trends.Proactively look for, document, and escalate cyber security risks in the region as appropriate.QualificationsBachelor's degree in Computer Science, Information Technology, Cyber Security, Network/Telecommunications Engineering, Electronic/Electric Engineering or similar.Knowledge of project management methodologies such as Agile and/or PMBOK.Security risk management methodologies (Octave, ISO27005, NIST 800-30 / NIST RMF or similar).Certified Information Systems Security Professional (CISSP), CISM and/or equivalent (Desired).5 years of experience in:Assessing compliance, and/or supporting the adoption/implementation of:Security standards and best practices (ISO27001/2, NIST CSF/ NIST 800-53, CIS CSC, CMMC, or equivalent).Cloud security standards and best practices (CSA CCM).Privacy standards (GDPR, NYPA/NYS PPPL, ISO 27701/27018, Brazil LFPD, Habeas Data frameworks, or similar).Excellent stakeholder management skills, including technical members of staff and senior executives.Knowledge of project lifecycles, with understanding of CI/CD.Knowledge of threat modeling and risk assessment methodologies.Proven ability to follow incident management processes, managing stakeholders.Extensive understanding of IT technologies such as networking, servers, IoT, etc.Experience interpreting and applying information security standards and frameworks.Experience with Risk assessment standards such as: Octave, NIST 800-53, ISO27005.Knowledge of cloud security technology, with proven ability to apply knowledge to use cases (desired)