Job Title: Cyber Risk Associate
Location: New York, NY
Type: Full time
Our client is looking for a Senior Associate to join our Technology & Cyber Risk team, supporting second line of defense activities with a strong focus on RCSA (Risk & Control Self-Assessment) validation. In this role, you’ll lead independent assessments of technology and cybersecurity controls, partner with cross-functional teams, and help strengthen overall risk governance and assurance.
What You’ll Do
- Lead and coordinate independent validations of technology and cyber RCSAs, covering ITGCs, infrastructure, applications, and cyber controls.
- Review, challenge, and assess control design, testing, and effectiveness.
- Work closely with technology, cyber, and first-line teams to ensure consistent and accurate validation activities.
- Document findings, highlight gaps, and ensure timely remediation.
- Support senior stakeholder engagement and escalation of significant issues.
- Apply strong project management discipline to track schedules, deliverables, and dependencies.
- Contribute to playbooks, templates, and validation methodologies.
- Prepare dashboards, reports, and audit-ready documentation for governance forums.
What You Bring
- 5–10+ years of experience in Technology Risk, Cyber Risk, IT Audit, or Operational Risk within a regulated environment.
- Hands-on experience validating or testing technology and cyber controls within an RCSA framework.
- Strong understanding of IT and cybersecurity domains such as IAM, network security, cloud, and application security.
- Familiarity with NIST, ISO 27001, COBIT, ITIL, CIS Controls, and regulatory expectations (OCC, FFIEC, PRA, EBA, DORA).
- Strong analytical, communication, and stakeholder management skills.
- Ability to manage multiple priorities and drive deliverables to closure.
- Bachelor’s degree in IT, Cybersecurity, Risk Management, or related field; Master’s preferred.
- Relevant certifications a plus: CISA, CRISC, CISSP, CISM, CCAK, PMP.
