Senior GRC Analyst at BGC Partners in New York, New York

Job Description:

Senior GRC Analyst

Cantor Fitzgerald's global Information Security team is seeking a candidate for a hands-on Sr. Governance, Risk and Compliance, (GRC) analyst. The successful candidate will need to be able to work in a fast-paced environment, planning, coordinating, and executing all facets of our NIST-based Cybersecurity program. The most effective candidate will need to work side by side, not only with our technical teams, but also with our Business and Product teams. Some of the duties, but is not limited to, will be ongoing internal audits, annual compliance and regulatory activities, Technology Risk, Enterprise Risk, Supply Chain Management, and Awareness.

Responsibilities will include:

• Track Cantor Fitzgerald's information security strategy and program are being implemented as planned as per compliance requirements.
• Work on internal and external audits such as annual SOx, PCI DSS, GDPR, HIPAA, and similar.
• Manage the remediation process including tracking and resolutions of findings from internal and/or external audit findings, risk assessments, and other control assessments.
• Develop and maintain a strong partnership with relevant global businesses and technical leaders and teams, including 3rd parties and affiliate businesses.
• Manage the training and awareness program, including a company-wide security champions, for all business functions to help make Information Security everybody's responsibility.
  
  

• BA/BS degree in Information Technology, Information Security, Computer Science, Computer Engineering, Information Security, Business, related field or experience.
• 4+ years of experience in Information Technology.
• Knowledge of IT Management frameworks and practices such as ITIL or COBIT.
• Knowledge of Project Management methodologies such as Waterfall or Agile
• Knowledge of Information security frameworks and practices such as ISO 27001 or NIST.
• Knowledge of Risk Management frameworks and practices such as ISF IRAM2, ISO 27005 or NIST SP 800-30
• Knowledge of Secure Development Lifecycle and Product Development.
• Excellent problem solving, critical thinking, and analytical abilities.
• High tolerance for ambiguity and complexity, and efficient with limited resources.
• Intellectual curiosity and passion to drive results.
• Track record of being a team player, embracing collaboration and listening to others.
• Proven record of being able to prepare and deliver both strategic and tactical briefing of highly technical matter to senior leadership and/or steering committee.
• Excellent communication, negotiation and presentation skills.
• Ability to effectively communicate, both orally and in writing, through all levels of the organization.
• Ability to multitask, manage priorities and work independently, sometimes during very tight deadlines.
• International work experience or experience working as part of a globally dispersed team.
• Certifications desired but not required: PMP, CISA, CISM, CISSP, Security+, etc.