IT RISK and Cybersecurity Specialist Opportunity

Confidential Jobs company

IT RISK and Cybersecurity Specialist in BUFFALO-NIAGARA FALLS AREA

Visa sponsorship & Relocation 5 months ago

We are seeking a Strategic IT Risk and Cybersecurity Specialist to elevate our client’s technology risk management framework. As a key member of their technology organization, you'll drive critical risk assessments, validate complex control mechanisms, and help transform their approach to cyber and technology risk. Join a stable, 165-year-old financial organization that values innovation, integrity, and continuous improvement, offering a comprehensive compensation package including base salary, cash bonus, and equity.


Key Responsibilities

  • Develop and implement strategic risk assessments across all technology capabilities.
  • Establish and execute risk management frameworks aligned with business and regulatory requirements, including process mapping and risk controls self-assessments.
  • Enforce compliance frameworks, provide expert guidance, and continuously assess regulations.
  • Collaborate with cross-functional teams and leadership to align technology practices with business goals and regulatory standards.
  • Lead regulatory response efforts, ensuring accuracy, document organization, and exam management.
  • Drive innovation in risk management by identifying advanced methodologies to address evolving threats.

Role Requirements

  • 7 years in a role related to technology operations, internal control or compliance, IT risk management frameworks, laws and regulations.
  • Strong knowledge and hands-on experience with Risk and Control Self-Assessments (RCSA).
  • Working knowledge of NIST SP 800-53 and 800-53A controls, or other recognized control frameworks, such as COBIT (Control Objectives for Information and Related Technology) or ISO
  • Strong knowledge of cybersecurity principles and industry best practices (relevant to confidentiality, integrity, availability)
  • Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)
  • Skilled in evaluating security controls based on confidentiality, integrity and availability requirements of systems
  • Experience handling multiple projects

Education and certifications

  • Bachelor’s degree in IT, Cybersecurity, or related field
  • Certifications: CISA, CISSP, CISM, CRISC, CAP
  • Knowledge of ISO, COBIT, project management, IT audit


Relocation assistance provided
