Tranzeal Incorporated

Senior Cyber Risk Management Engineer

Tranzeal Incorporated, San Francisco, California, United States, 94199

Seeking a Senior Cyber Risk Management Capability Assessor to evaluate the effectiveness of cyber risk management capabilities, including policies, processes, and technical controls. This role will involve conducting risk assessments using Delta Dental’s enterprise cyber risk management framework and collaborating with capability owners to enhance the framework based on emerging regulations and cybersecurity standards. The Assessor will manage issues, develop Plans of Action and Milestones (POAM), and support SOC 1/2 Type 2 audits and regulatory attestations (NAIC model laws and 23 NYCRR 500).

Key Responsibilities:

Cyber Risk Assessments: Conduct comprehensive assessments of the organization's cyber risk management capabilities.

Gap Analysis: Identify gaps in cyber risk management and recommend improvements.

Issue Management & POAM: Develop and manage Plans of Action and Milestones (POAM) to address identified risks and vulnerabilities.

Documentation & Reporting: Create detailed reports on assessment findings, remediation plans, and performance metrics.

Stakeholder Collaboration: Work closely with technology, business, and cyber risk teams to enhance capability effectiveness.

Compliance & Regulatory Alignment: Ensure adherence to regulatory standards, including NIST 800-53, SOC 2, NAIC Model Law, 23 NYCRR 500, and HIPAA.

Audit Support: Assist in SOC 2 audits and prepare materials to support regulatory attestations.

Required Qualifications:

Education: Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.

Certifications (Preferred): CISSP, CISA, CISM, CRISC, CAP, Security+, or equivalent.

Experience: 12+ years of experience in cybersecurity, compliance, risk assessment, or security auditing.

Technical Skills: Proficiency in NIST 800-53. Knowledge of cloud-based cyber risk controls (Azure and/or Oracle Cloud Infrastructure). Familiarity with DevOps, SAFe, and ITIL methodologies. Strong understanding of security architecture, technical controls, and data protection strategies.

Seniority level: Mid-Senior level

Employment type: Contract

Job function: Information Technology

Industries: Insurance and Hospitals and Health Care