Summary of Position
CACIB is seeking a highly motivated and detail-oriented Associate, Cyber Risk Management to join our growing cybersecurity and risk team. This role will play a central part in conducting internal cyber security reviews, including enterprise control, application level, and maturity assessments. The ideal candidate will have hands-on experience performing cyber risk assessments and strong foundational knowledge of cybersecurity controls and frameworks.
Key Responsibilities
- Plan, conduct, and document cyber risk assessments for internal applications, infrastructure, and networks
- Perform control testing on cybersecurity and technology-related controls to assess their design and operating effectiveness
- Assess risk in alignment with control standards and business context, and evaluate control effectiveness using established frameworks such as NYDFS 500, NIST CSF, ISO 27001, FFIEC, and CRI
- Collaborate with internal stakeholders, including application owners, IT, and procurement, to gather risk-related information, validate controls, and communicate results
- Contribute to the ongoing development of cybersecurity policies, control requirements, and risk assessment procedures
- Map and maintain controls to industry frameworks, and assist in interpreting requirements for new systems, vendors, or processes
- Support efforts to improve the maturity and efficiency of the cyber risk assessment process, including process optimization and integration with the Enterprise Risk Management Framework
Additional Responsibilities
- Coordinate issue management and remediation, ensuring timely resolution of identified security risks and issues
- Participate in internal readiness reviews and external audits as needed by providing evidence and control documentation
- Perform quality assurance checks on risk assessments and documented control gaps
- Support cybersecurity training and awareness initiatives to promote best practices across the organization
- Help identify opportunities to streamline assessment workflows and improve consistency across risk domains
Required Qualifications
- 2-5 years of experience in cyber risk management, IT risk, cybersecurity, or a related discipline
- Familiarity with risk assessment frameworks (e.g., NIST RMF, FAIR, etc.)
- Familiarity with cybersecurity principles, tools, and control frameworks (e.g., NIST CSF, CRI, CIS Controls)
Essential Education
Bachelor’s degree in cybersecurity, information technology, or related field
Desirable Education
- Advanced studies in information security or risk management
- CRISC, CISA certification or equivalent
Experience Required
2+ years in information security, risk management, or similar field
Required Competencies
- Analytical thinking – Strong ability to analyze technical and business risk with critical thinking
- Risk-based judgement – Ability to evaluate and prioritize risks based on likelihood, impact, and control effectiveness
- Attention to detail – High level of precision in assessment documentation, issue tracking, and reporting
- Communication skills – Effective verbal and written communication
Skills & Knowledge Requirements
- Familiarity with risk assessment methodologies and cybersecurity frameworks (e.g., NIST CSF, ISO 27001, SIG, FFIEC)
- Experience with third-party/vendor risk assessment processes and due diligence
- Strong organizational skills with experience managing multiple tasks and assessments simultaneously
Skills & Knowledge Desirables
- Proficiency with reporting tools (e.g., Excel) and GRC platforms
- Knowledge of application security concepts and cloud security
- Understanding of regulatory environments such as NYDFS, SOX, and SOC 1 & 2 as they relate to cybersecurity