
Cybersecurity Risk and Controls Framework Expert

United States, Spring · Employment contract · 105500.00 - 243000.00 USD / Year · Job Posted November 11, 2025

Job Description

We are seeking a Cybersecurity Risk and Controls Framework Expert to analyze regulatory compliance, business and operational risk requirements related to cybersecurity, and to develop a framework against which control requirements can be defined and applied.

Job Responsibility

  • Support Governance, Risk and Compliance leadership in delivering various risk overview summaries
  • Contribute to the development of the Cyber risk governance framework by leveraging existing frameworks
  • Facilitate a gap analysis of current processes against the Risk management framework
  • Provide subject matter expertise on the control framework, policies, standards and guidelines
  • Analyze current controls against the control framework
  • Ensure effective communication of changes to risk governance frameworks
  • Work with regional representatives to coordinate regulatory scanning
  • Provide expert opinion on HPE’s risk and effectiveness of policies
  • Handle questions on cyber policies and standards
  • Deliver presentations and updates to key stakeholders
  • Provide insights to business and technology partners on risks

Requirements

  • Expert in a broad range of Information Security domains (e.g., Application Security, Cloud Security, Network Security, Data Security, Infrastructure Security)
  • Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, ISO 27001)
  • Proven experience in risk assessments and analysis
  • Proven experience in defining and implementing cybersecurity policies, standards and guidelines across multiple platforms
  • Strong organizational skills and attention to detail
  • Ability to work effectively with technical and non-technical stakeholders
  • Excellent documentation, communication, and problem-solving skills

Nice to have

  • Experience working with various industry standards and frameworks on risks and controls
  • CISSP, CRISC, or similar certifications
  • 5-7 years of experience in Information Security, IT Governance, and/or Risk Management

What we offer

  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion


Similar Jobs for Cybersecurity Risk and Controls Framework Expert (8 matching positions)

Cybersecurity Risk and Controls Framework Expert

Cybersecurity Risk and Controls Framework Expert to analyse the regulatory compl...
Location: United States, Spring
Salary: 105500.00 - 243000.00 USD / Year
Company: Hewlett Packard Enterprise (https://www.hpe.com/)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Information Security, Information Technology, Risk Management or a related field, or equivalent experience
  • CISSP, CRISC, or similar certification
  • 5-7 years of experience in Information Security, IT Governance, and/or Risk Management
  • 5+ years of experience working with various industry standards and frameworks on risks and controls (e.g. ISO 27001, NIST CSF, COBIT)
  • Expert in a broad range of Information Security domains (e.g., Application Security, Cloud Security, Network Security, Data Security, Infrastructure Security)
  • Strong understanding of cybersecurity control frameworks (e.g., NIST CSF, ISO 27001)
  • Proven experience in risk assessments and analysis
  • Proven experience in defining and implementing cybersecurity policies, standards and guidelines across multiple platforms
  • Strong organizational skills and attention to detail
  • Ability to work effectively with technical and non-technical stakeholders
Job Responsibility
  • Support Governance, Risk and Compliance (GRC) leadership in delivering various risk overview summaries
  • Contribute to the development of the Cyber risk governance framework
  • Facilitate a gap analysis of the current processes against the Risk management framework
  • Provide subject matter expertise on the control framework, policies, standards and guidelines
  • Analyse the current suite of controls against the control framework
  • Ensure that changes to risk governance frameworks are effectively communicated
  • Work with regional representatives to coordinate the scanning for regulatory changes related to cybersecurity
  • Provide expert opinion on HPE's risk and effectiveness of our policies and standards
  • Support the handling of questions pertaining to cyber policies and standards from regulators, partners and customers
  • Deliver presentations and updates to key business and technology stakeholders
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Fulltime

Senior Manager, Risk Advisor, Technology and Data Risk Management

Senior Manager, Risk Advisor, Technology and Data Risk Management at Capital One...
Location: United States, Richmond
Salary: 182500.00 - 229100.00 USD / Year
Company: Capital One (capitalone.com)
Expiration Date: Until further notice
Requirements
  • Bachelor's degree or military experience
  • At least 6 years of experience managing, consulting, or auditing in the fields of risk management, information security or technology
  • At least 5 years of experience performing or challenging risk assessments leveraging qualitative and quantitative methodologies (COSO Framework, quantitative analysis, Factor Analysis of Information Risk (FAIR), Process, Risk & Control (PRC) library, Risk and Control Self Assessment (RCSA), scenario analysis, new initiative risk assessments)
  • Professional security management certification (Open FAIR, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC))
Job Responsibility
  • Lead independent risk analysis workshops
  • Apply quantitative and qualitative risk assessment methodologies
  • Understand the stack of controls
  • Identify new approaches to reducing risk
  • Systematically review, analyze, aggregate and compare outputs of different assessments
  • Influence 1st Line to drive definition and prioritization of high leverage risk reduction initiatives
  • Provide expert guidance and mentorship across TDRM
  • Foster strong working relationships with other 1st and 2nd Line groups
  • Expertly navigate the Enterprise Risk Management framework
  • Shape and further refine the risk program
What we offer
  • Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • Comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime

Embedded Product Cybersecurity Expert / ISO 21434, IEC 62443

As a Cybersecurity Engineer – Embedded Products, you will play a central role in...
Location: Canada, Montréal
Salary: Not provided
Company: Sopra Steria (https://www.soprasteria.com)
Expiration Date: Until further notice
Requirements
  • Bachelor’s or Master’s degree in Software, Electrical, Computer, or Automotive Engineering or a related field
  • 3–10 years of experience in automotive cybersecurity or embedded systems cybersecurity, with hands-on experience on TARA based on ISO/SAE 21434 processes
  • Solid foundation in embedded systems architecture, including deep understanding of MCU/SoC design constraints, real-time and Linux-based environments
  • Proficient with boot architectures and low-level debugging using interfaces such as JTAG, XCP and SWD
  • Solid understanding of communication protocols (CAN, CAN-FD, Automotive Ethernet, SOME/IP, UDS, UART, SPI, BT, Wi-Fi, USB, NFC, cellular, RF, etc.), and embedded security mechanisms (cryptography, secure boot, secure communication, key management, hardware root of trust, debug protections, memory protection, key storage and secure update mechanisms)
  • Proven ability to define Cybersecurity Goals and claims, derive Requirements, and ensure traceability through the development lifecycle
  • Excellent analytical, problem-solving, and documentation skills
  • Ability to work collaboratively with multi-disciplinary, multi-site engineering teams
Job Responsibility
  • Perform a comprehensive risk assessment of the current system architecture and identify item-level functions by applying the TARA process via recognized methods (e.g., ISO/SAE 21434 TARA, STRIDE, or similar)
  • Build and review item definitions, identify critical assets, potential attack vectors, threat scenarios, and evaluate associated risks at both ECU and vehicle levels
  • Derive Cybersecurity Goals and Cybersecurity Requirements (hardware, firmware, and system-level design) from the TARA results and ensure traceability throughout the product development lifecycle
  • Contribute to the Cybersecurity Concept (CSC) and ensure alignment with ISO/SAE 21434 and regulatory requirements
  • Collaborate with system, software, and hardware engineering teams to integrate recommended security measures (cryptography, secure boot, secure communication, key management, hardware root of trust, debug protections, memory protection, key storage and secure update mechanisms)
  • Evaluate protocol usage and propose cybersecurity countermeasures such as authentication, encryption, replay protection, secure pairing, and robust key management
  • Support validation activities for cybersecurity controls and participate in audits, reviews, and documentation of findings
  • Support compliance and customer requirements aligned with standards and frameworks (as applicable): CRA, ISO/SAE 21434, RED-DA, IEC 62443, NIST, etc.
What we offer
  • Hybrid Work
  • Industry leading medical, dental, and vision Insurance
  • Access to a telemedicine service
  • RRSP program
  • Personal and sick days
  • Recreation room with pool table and foosball table
  • Fulltime

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location: United States (Irving, Texas; New York, New York)
Salary: 250000.00 - 500000.00 USD / Year
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well as the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
  • Discretionary and formulaic incentive and retention awards
  • Medical, dental & vision coverage
  • 401(k)
  • Life, accident, and disability insurance
  • Wellness programs
  • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime

Network and Cybersecurity Service Delivery Lead

We are currently seeking a Network and Cybersecurity Service Delivery Lead to jo...
Location: United States, Rockville
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Master's degree, or equivalent additional experience (one-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program)
  • Minimum 10 years of experience in enterprise network engineering and operations
  • Minimum 10 years of experience in cybersecurity engineering or security operations
  • Minimum 5 years of experience leading a team of engineers to design and implement enterprise network architectures for 3,000+ users and multi-site WANs
  • Minimum 5 years of experience with at least two enterprise networking technologies such as Cisco (Catalyst, Nexus, ACI, SD-Access), Juniper Junos, or equivalent platforms
  • Minimum 5 years of experience with Layer 2 - 3 networking and at least 3 years with layer 4 - 7 technologies, including routing protocols (BGP, OSPF, EIGRP), VLANs, spanning tree, QoS, and load balancing
  • Minimum 3 years of experience implementing and managing network security technologies, including firewalls, VPNs, NAC, IDS/IPS, and secure segmentation strategies
  • Minimum 5 years supporting cloud and hybrid cloud networking architectures in AWS or Azure
  • Minimum 3 years of experience working in regulated federal environments with documented exposure to security frameworks such as NIST 800-53, RMF, FISMA, or FedRAMP
  • Must be a US citizen who has the ability to obtain a Public Trust Security Clearance
Job Responsibility
  • Lead the architecture, design, and engineering of enterprise network infrastructure, including routing, switching, inter-site connectivity, and secure external integrations
  • Develop and maintain network roadmaps aligned with evolving business, scientific, security, and regulatory requirements
  • Evaluate, test, and implement emerging networking technologies to maintain a modern, scalable, and resilient infrastructure
  • Provide expert-level technical guidance on network design supporting data centers, HPC environments, enterprise hosting platforms, and hybrid cloud integrations
  • Oversee day-to-day network operations, including configuration management, patching, upgrades, hardware lifecycle management, and incident troubleshooting
  • Ensure timely detection, escalation, and resolution of network incidents, including after-hours support when required
  • Monitor network performance and availability; perform root cause analysis and trend forecasting to improve reliability and service delivery
  • Ensure adherence to change management and configuration management standards, maintaining accurate and current technical documentation
  • Collaborate with cybersecurity teams to implement secure network configurations, segmentation, access control, and monitoring capabilities
  • Fulltime

IT Risk and Compliance Specialist

We are looking for an experienced IT Risk and Compliance Specialist to join our ...
Location: United States, Littleton
Salary: Not provided
Company: Robert Half (https://www.roberthalf.com)
Expiration Date: Until further notice
Requirements
  • Extensive experience with cybersecurity frameworks, IT governance, and compliance standards
  • Proven ability to write clear and concise IT policies, procedures, and technical documentation
  • Solid understanding of IT systems, including networks, servers, endpoints, cloud platforms, and security tools
  • Expertise in asset inventories, software inventories, and vulnerability management
  • Strong collaboration skills to work with technical teams and translate processes into actionable documentation
  • Familiarity with project management tools such as Monday.com or similar platforms
  • Ability to work independently and manage documentation deliverables with minimal supervision
  • Excellent organizational and communication skills to ensure high-quality outputs
Job Responsibility
  • Create, update, and maintain IT policies, procedures, and documentation aligned with security frameworks
  • Analyze existing cybersecurity practices to identify gaps and recommend documentation improvements across approximately 15 domains
  • Develop materials for areas such as enterprise asset control, software management, vulnerability management, and malware defenses
  • Collaborate with internal subject matter experts and technical teams to gather accurate information for documentation
  • Build and track compliance artifacts while ensuring they meet regulatory and organizational standards
  • Access sensitive systems and environments to collect necessary data for documentation
  • Ensure documentation is structured, stored, and updated consistently to support compliance efforts
  • Provide estimates on time, effort, and scope required to achieve compliance goals
  • Utilize workflow and project management tools effectively to coordinate documentation deliverables
What we offer
  • Medical, vision, dental, and life and disability insurance
  • Eligible to enroll in our company 401(k) plan

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location: United States, San Jose
Salary: 219000.00 - 290000.00 USD / Year
Company: Archer Aviation (archer.com)
Expiration Date: Until further notice
Requirements
  • 8+ years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF / SP 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Fulltime

OT Cybersecurity Expert

We are seeking a highly skilled OT (Operational Technology) Cybersecurity Profes...
Location: India, Navi Mumbai
Salary: Not provided
Company: Percivon (percivon.com)
Expiration Date: Until further notice
Requirements
  • Bachelor’s or Master’s degree in ECTC, Computer Science, Cybersecurity, or a related field
  • Minimum 4 years of experience in OT cybersecurity or industrial control systems security
  • Hands-on experience with SCADA systems, PLCs, DCS, and industrial network protocols (e.g., Modbus, OPC, BACnet, Profibus)
  • Knowledge of cybersecurity frameworks like IEC 62443, NIST 800-82, and ISO 27001
  • Proficiency in Claroty tools and software such as CTD and SRA
  • Strong understanding of network segmentation, firewall policies, and secure remote access solutions
  • Certifications or strong practical know-how in several (ideally all) of the following: ISA/IEC 62443 Cybersecurity Certificates, Certified SCADA Security Architect (CSSA), Certified Information Systems Security Professional (CISSP), CompTIA Security+, Offensive Security Certified Professional (OSCP), Certified Information Systems Auditor / Manager (CISA / CISM)
  • Excellent problem-solving and analytical skills
  • Familiarity with safety instrumented systems (SIS) and knowledge of industry standards such as IEC 61511
  • Excellent problem-solving skills and attention to detail
Job Responsibility
  • Design and Deployment: Architect and implement advanced security solutions tailored to OT environments, such as network segmentation, firewall configurations, and secure remote access gateways
  • Threat Detection and Response: Configure OT-specific intrusion detection systems (IDS), intrusion prevention systems (IPS), and anomaly detection tools of products from companies like Nozomi Networks or Claroty
  • Protocol Analysis: Analyze and secure industrial network protocols (e.g., Modbus, OPC-UA, DNP3, Ethernet/IP, Profibus, Profinet and other fieldbus protocols) against vulnerabilities and unauthorized activity
  • Security Hardening: Implement device hardening practices on PLCs, RTUs, HMIs and legacy products, including secure firmware updates, role-based access control, and default credential elimination
  • Incident Management: Establish incident response plans for OT environments, including preparation, detection, containment, eradication, recovery, and post-incident review
  • Vulnerability Management: Conduct regular vulnerability scanning and patch management for OT systems, ensuring minimal downtime while adhering to operational requirements
  • Secure Integration: Lead the secure integration of IT-OT environments, ensuring compatibility while minimizing cybersecurity risks, such as lateral movement threats
  • Continuous Monitoring: Configure and maintain Security Information and Event Management (SIEM) systems specifically for OT environments to identify and respond to threats in real time
  • Compliance Audits: Perform in-depth compliance audits for standards like IEC 62443, NIST 800-82, and other relevant frameworks, ensuring regulatory alignment
  • Red Teaming and Penetration Testing: Simulate cyberattacks to test the resilience of OT systems, document findings, and implement necessary remediation measures
  • Fulltime