Responsibilities
- Support customer third‑party security due diligence assessments.
- Support or lead mitigation workshops to translate penetration test and assessment findings into prioritized remediation workplans.
- Analyze technical findings and map them to governance, risk, and control gaps.
- Review implementation of technical security controls.
- Perform security maturity assessments, including reviews of organizational policies, standards, procedures, and governance practices, aligned with the NIST CSF 2.0 cybersecurity framework.
- Produce clear, structured reports and executive‑ready summaries for technical and non‑technical audiences.
Qualifications
- 1–2 years in cybersecurity GRC, IT risk, compliance, audit/assurance, or related process‑oriented security roles.
- Strong understanding of governance, risk management, and operational processes.
- Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001 concepts), risk assessment, mitigation planning, and third‑party risk management.
- Basic conceptual understanding of cloud/SaaS shared responsibility models.
- Ability to communicate technical issues in business‑aligned language.
- Strong writing, communication, and facilitation skills.
- Comfortable collaborating with internal stakeholders and external customers.
