Cyber Risk Quantification Consultant
4 weeks ago
**The Opportunity**
This role will be accountable for establishing and maintaining a cyber risk quantification methodology and will work closely with key cyber and IT governance teams including the ETX Governance and Risk team and the Security Intelligence team to ensure changes to internal controls and the external cyber threat landscape are factored into our cyber risk calculations.
**The Team**
The Cyber Risk Quantification Consultant sits within MassMutual’s Enterprise Technology Experience (ETX) division, within the Enterprise Cyber Security (ECS) department and focuses on building our Cyber Risk Quantification efforts to effectively measure and report on changes and contributing factors to the MassMutual’s cyber risk level.
**The Impact**
- Establish a cyber risk quantification methodology that effectively details inputs, outputs, and measurements for cyber risk at MassMutual.
- Identify appropriate sources for cyber risk reporting and opportunities for automation of data inputs/outputs.
- Participate in the maintenance and continuous improvement of the cyber risk register based on knowledge of the business, cyber threat landscape, and National Institute of Standards and Technology (NIST) cybersecurity frameworks.
- Partner with the ETX Governance & Risk and Security Intelligence teams to ensure results from controls effectiveness testing are captured as part of residual risk calculations and that emerging cyber threats are factored into inherent cyber risk calculations.
- Work with ETX Risk and BISO teams to track open mitigations as part of the cyber risk register and hold business owners accountable for completing risk mitigation activities.
- Collaborates closely with the Security Intelligence team to understand changes in the cyber threat landscape and determine potential impact to MassMutual’s inherent cyber risk score.
- Collaborate with second
- and third-line control areas including Corporate Audit, Financial Risk Reporting, and Enterprise Risk.
- Interface with internal team members and key stakeholders to provide accurate visibility into cyber risks, including partnering with Data Science, as needed.
- Collaborates with members of ECS and other risk areas including Enterprise Risk Management
- Communicate and champion the program roles and initiatives.
- Prepare risk reporting dashboards and recommend/build enhancements to ensure consistent alignment with risk environment changes and updates.
- Quantify and prepare metrics to demonstrate residual risks, prioritize remediation actions, and/or outline and facilitate criteria for risk acceptance.
- Work with cyber security function leadership to prepare and report Key Risk Indicator (KRI) data for dashboards and metrics.
**Minimum Qualifications**
- Bachelors degree
- 8+ years in Cyber Security, Technology Risk Management, Cyber Security Program Management, or a related field.
- 1+ year with all aspects of cyber-security risk including - identification, analysis, quantification, and remediation strategies.
- 1+ year with MITRE ATT&CK and Cyber Kill Chain, including Tactics, Techniques, and Procedures (TTPs)
- 1+ year with threat modeling or other mechanisms for identifying internal cyber risk.
- 1+ year of applied knowledge of cybersecurity risk and control frameworks such as NIST CSF, NIST 800-53, CMMC, ISO 27K series, CIS Critical Security Controls, CSA Cloud Control Matrix, etc.
**Preferred Qualifications**
- Possession of or willingness to pursue related certifications (CRISC, CCSP, CISSP, etc.)
- Exceptional relationship management - building and maintaining collaborative partnerships across all levels of an organization.
- Strong communication skills and ability to influence others.
- Proven ability to articulate the why and to enable fact-based decision making.
- Excellence in Execution - Ensuring commitments are met and ensuring key stakeholders are constantly informed of status.
- Strong leadership qualities and business acumen and an ability to communicate with all levels of the organization.
- Strong written and verbal communication skills
- Self-starter who is willing to take on new challenges in response to the changing cyber threat landscape.
- Excellent written and verbal communication skills.
- Demonstrated success in guiding and influencing sound cyber risk and security remediation strategies aligned with core business objectives and risk appetite.
- Ability to deal with the ambiguity associated with working in a fast paced and changing environment.
- Experience or knowledge in life insurance and/or financial services products and services.
- Business acumen experience in key enterprise technology and business areas.
LI-RK1
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.
-
Springfield, United States Hybrid Pathways Full timeJob DescriptionJob DescriptionAbout the opportunity:Hybrid Pathways is seeking a highly skilled and motivated Third-Party Risk Management Cyber Security Purple Team Analyst to join a dynamic team. As a Third-Party Risk Management Purple Team Analyst, you will play a crucial role in enhancing the customer’s organization's overall cybersecurity posture...
-
Cyber Security Analyst
3 weeks ago
Springfield, United States CoxHealth Full timeSummary 5x Modern Healthcare Best Places to work America’s Greatest Workplaces 2023 – Newsweek Best Employers for New Grads 2023- Forbes Greatest Workplace for Women 2023 - Newsweek Robust, fully customizable benefits package including Medical/Vision/Dental and more! No cost eCare visits Employer-provided mental health services for employees and...
-
Intelligence Operations Specialist
1 week ago
Springfield, United States Transportation Security Administration Full timeThis Intelligence Operations Specialist - Cyber Analyst position is located Intelligence and Analysis, Transportation Security Administration, Department of Homeland Security (DHS). Duties include but are not limited to: Monitors, research, reports, and initiates products and briefings on multiple, varying, complex, specialized assignments related to cyber...
-
Intelligence Operations Specialist
3 weeks ago
Springfield, United States Transportation Security Administration Full timeThis Intelligence Operations Specialist position is located within Operations Support (OS), Intelligence & Analysis (I&A), Transportation Analysis Division (TAD), Transportation Security Administration (TSA), Department of Homeland Security (DHS). Additional duties include but are not limited to: Monitors, researches, reports, and initiates products and...
-
Cyber Security Analyst
1 week ago
Springfield, United States CoxHealth Full timeSummary Best in Class Work Environment5x Modern Healthcare Best Places to workAmerica’s Greatest Workplaces 2023 – NewsweekBest Employers for New Grads 2023- ForbesGreatest Workplace for Women 2023 - NewsweekBenefitsRobust, fully customizable benefits package including Medical/Vision/Dental and more!No cost eCare visitsEmployer-provided mental health...
-
Springfield, United States TENICA and Associates LLC Full timeThe Cyber Data Science Engineer provides support to the customer in the area of Cyber Security. Daily Tasks include, but are not limited to: The Cyber Systems Engineer provides SETA support to the customer in the area of Cyber Security Operations. Daily tasks include, but are not limited to: * Compile's information to develop the weekly, monthly, and annual...
-
Data Science Cyber Systems Engineer
3 weeks ago
Springfield, United States TENICA and Associates LLC Full timeData Science Cyber Systems Engineer - Careers At Tenica and Associates Share with friends or Subscribe! Back To Openings Data Science Cyber Systems Engineer Department: Govt Customer-Springfield Location: Springfield, VA START YOUR APPLICATION Position Description: The Cyber Data Science Engineer provides support to the customer in the area of Cyber...
-
Cyber Security Engineer with Security Clearance
1 month ago
Springfield, United States Dexian Signature Federal Full timeCyber Security Engineer, Principal Seeking a motivated, career and customer-oriented Cyber Security Engineer to join our team in Springfield, VA, to provide unparalleled support to our customer and to begin an exciting and rewarding career within ManTech. Responsibilities include, but are not limited to: • Support Cyber Operations activities to publish...
-
Data Science Cyber Systems Engineer
3 weeks ago
Springfield, United States Tenica Global Solutions Full timePosition Description The Cyber Data Science Engineer provides support to the customer in the area of Cyber Security. Daily Tasks include, but are not limited to: Support Designated Authorizing Official Representative (DAO-R) and ConMon Validators in compliance decisions by analyzing data sets found in the customer's vulnerability scanning, authorization and...
-
Springfield, United States TENICA and Associates LLC Full timeTENICA is looking to hire a Cyber Operations Systems Engineer. TS/SCI with CI poly Location: Springfield, VA Position Description: The Cyber Indications and Warnings Engineer Technical Specialist provides SETA support to the customer in the area of Cyber Security Operations. Daily tasks include, but are not limited to: * Compile's information to develop the...
-
Authorizing Official
2 weeks ago
Springfield, United States Elite Technical's Customer Full timeAuthorizing Official Our client, a federal contractor has multiple openings for Authorizing officials with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other...
-
Intelligence Operations Specialist
3 days ago
Springfield, United States USAJobs Full timeDutiesThis Intelligence Operations Specialist - Cyber Analyst position is located Intelligence and Analysis, Transportation Security Administration, Department of Homeland Security (DHS). Duties include but are not limited to: Monitors, research, reports, and initiates products and briefings on multiple, varying, complex, specialized assignments related to...
-
Intelligence Operations Specialist
1 day ago
Springfield, United States USAJobs Full timeDutiesThis Intelligence Operations Specialist - Cyber Analyst position is located Intelligence and Analysis, Transportation Security Administration, Department of Homeland Security (DHS). Duties include but are not limited to: Monitors, research, reports, and initiates products and briefings on multiple, varying, complex, specialized assignments related to...
-
Springfield, United States TENICA and Associates LLC Full timePosition Description: The Cyber Data Science Engineer provides support to the customer in the area of Cyber Security. Daily Tasks include, but are not limited to: * Support Designated Authorizing Official Representative (DAO-R) and ConMon Validators in compliance decisions by analyzing data sets found in the customer's vulnerability scanning, authorization...
-
Cyber Fraud Analyst
1 month ago
Springfield, United States MASSMUTUAL Full time**The Opportunity** The Cyber Fraud Analyst is a member of the Fraud Analyst & Analytics team responsible for delivering enhanced monitoring and alerting in response to fraud events. In this position, you'll report to the Director of Digital and New Business in Fraud Operations and works cross-functionally with Security, Legal, Privacy, Compliance, and IT...
-
IT Risk Manager
2 weeks ago
Springfield, Illinois, United States Great Southern Bank Full timeCome be a part of something greater Great Southern Bank is committed to fostering an environment where everyone can contribute and succeed at every level. By embracing diversity, we celebrate and value differences in age, outlook, cultural background, lifestyle and physical ability. We offer career opportunities and advancement across a wide range of...
-
Vulnerability Assessment Analyst
1 week ago
Springfield, United States Elite Technical's Customer Full timeVulnerability Assessment Analyst (Cyber)Our client, a federal contractor is seeking a Vulnerability Assessment Analyst to perform assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.The position is 100% onsite at the...
-
Vulnerability Assessment Analyst
2 weeks ago
Springfield, United States Elite Technical's Customer Full timeVulnerability Assessment Analyst (Cyber)Our client, a federal contractor is seeking a Vulnerability Assessment Analyst to perform assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.The position is 100% onsite at the...
-
Vulnerability Assessment Analyst
2 weeks ago
Springfield, United States Elite Technical's Customer Full timeVulnerability Assessment Analyst (Cyber)Our client, a federal contractor is seeking a Vulnerability Assessment Analyst to perform assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.The position is 100% onsite at the...
-
Vulnerability Assessment Analyst
1 day ago
Springfield, United States Elite Technical's Customer Full timeVulnerability Assessment Analyst (Cyber)Our client, a federal contractor is seeking a Vulnerability Assessment Analyst to perform assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.The position is 100% onsite at the...
