Cyber Security Expert

Effective Cyber Security Risk Management is crucial for organizations to safeguard their operations while driving growth.

Cybersecurity specialists empower clients across industries by delivering tailored strategies and insights that mitigate complex cybersecurity challenges.

The successful candidate will bring a strong mix of advisory skills, technical understanding, and client-facing experience to help organizations build resilient vendor ecosystems.

• Lead comprehensive vendor due diligence assessments reviewing evidence such as SOC 2, ISO 27001, HIPAA / HiTRUST certifications, penetration tests, and security policies.
• Assess third-party control environments against frameworks and regulations including NIST CSF, ISO 27001, GDPR, PCI-DSS, HIPAA, and HiTRUST.
• Develop, implement, and enhance third-party risk governance programs aligning them with enterprise risk management objectives.
• Provide executive-level advisory translating technical risk findings into business-aligned recommendations.
• Support clients in leveraging GRC platforms to streamline risk assessments, monitoring, and reporting.
• Present results to senior stakeholders (CISOs, Risk Committees, Procurement Leaders) in a clear, business-aligned manner.
• Collaborate with internal teams and client stakeholders to track remediation progress and validate corrective actions ensuring risks are managed effectively.
• Contribute to business development efforts supporting go-to-market strategies and assisting with proposals related to third-party governance services.

The ideal candidate will possess a Bachelor's or Master's degree in Cybersecurity, Information Assurance, or related field, along with 5+ years of experience in cybersecurity, risk management, or IT audit, with significant focus on third-party / vendor risk governance.

Professional certifications such as CISM, ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CTPRP are highly valued. Strong analytical and advisory skills, with the ability to evaluate technical details and deliver clear, executive-ready insights are also required.

Exceptional communication and client-facing presence, with experience engaging stakeholders in regulated industries (financial services, healthcare, government, etc.) is necessary.