Cyber Risk Management - Associate

Summary CACIB is seeking a highly motivated and detail-oriented Associate, Cyber Risk Management to join our growing cybersecurity and risk team. This role will play a central part in conducting internal cyber security reviews, including enterprise control and maturity assessments, as well as application level and third-party risk assessments. The ideal candidate will have hands-on experience performing cyber risk assessments and strong foundational knowledge of cybersecurity controls and frameworks. Key Responsibilities - Plan, conduct, and document cyber risk assessments for internal applications, infrastructure, and networks - Perform cybersecurity reviews of third-party vendors as part of the onboarding and ongoing risk evaluation process - Perform control testing on cybersecurity and technology related controls to assess the design and effectiveness - Assess risk in alignment with control standards and business context, and evaluate control effectiveness using established frameworks such as NYDFS 500, NIST CSF, ISO27001, FFIEC, and CRI - Collaborate with internal stakeholders, including application owners, IT, and procurement, to gather risk related information, validate controls, and communicate results - Contribute to the ongoing development of cybersecurity policies, control requirements, and risk assessment procedures - Map and maintain controls to industry frameworks, and assist in interpreting requirements for new systems, vendors, or processes - Support efforts to improve the maturity and efficiency of the cyber risk assessment process, including process optimization and integration with Enterprise Risk Management Framework Additional Responsibilities - Support the development of cyber risk metrics, dashboard, and reporting materials related to risk assessments or audits - Participate in internal readiness reviews and external audits as needed by providing evidence and control documentation - Help identify opportunities to streamline assessment workflows and improve consistency across risk domains Required Qualitifications - 2-5 years of experience in cyber risk management, IT risk, cybersecurity, or a related discipline - Familiarity with risk assessment frameworks (e.g., NIST RMF, FAIR, etc.) - Familiarity with cybersecurity principles, tools, and control frameworks (e.g., NIST CSF, CRI, CIS Controls) · 2+ years in information security, risk management, or similar field Required: Bachelor's degree in cybersecurity, information technology, or related field Preferred: · Advanced studies in information security or risk management CRISC, CISA certification or equivalent