We are seeking a detail-oriented and experienced Cyber Risk Specialist to join our second line of defense (SLOD) team. This role is responsible for leading and supporting the execution of Risk Control Self-Assessments (RCSA) within the cybersecurity domain, ensuring alignment with the NIST Cybersecurity Framework (CSF) and the FFIEC Information Security Handbook. The ideal candidate will possess a strong understanding of cybersecurity controls, regulatory expectations, and risk management principles in the financial services sector.
Key Responsibilities
RCSA Program Execution
- Lead the execution of comprehensive cybersecurity RCSAs in alignment with NIST CSF and FFIEC Information Security Handbook.
- Identify and evaluate cybersecurity control gaps; support development of remediation plans and risk mitigation strategies.
- Drive enhancements to control framework design, documentation, and integration with existing enterprise risk programs.
Control Framework Development & Oversight
- Develop and maintain control design documentation across cybersecurity domains.
- Support remediation planning through actionable road maps and prioritized timelines for gap closure.
- Ensure clear ownership and accountability of control responsibilities.
Stakeholder Engagement & Governance
- Collaborate with IT, Risk, Compliance, and Business units to ensure coordinated risk assessments and effective communication.
- Prepare risk governance reporting, dashboards, and executive summaries for ongoing cyber risk visibility.
- Conduct training and awareness sessions on RCSA methodologies and regulatory requirements.
Ongoing Risk Management Activities
- Maintain centralized risk registers and control repositories for transparency and audit readiness.
- Implement continuous control monitoring and exception reporting protocols.
- Leverage data analytics to identify risk trends and support predictive assessments.
- Monitor regulatory developments and ensure integration of emerging requirements into the risk framework.
- Uphold documentation standards to ensure thorough audit trails and evidence repositories.
Expected Deliverables
- Documented RCSA methodology aligned with NIST CSF and FFIEC guidelines.
- Risk and control matrices with ownership assignments.
- Defined control testing and validation procedures.
- Gap remediation plans with actionable steps and timelines.
- Training documentation and knowledge transfer materials.
- Executive-level reporting and dashboards to track risk posture over time.
Qualifications & Skills
- Experience with Second Line of Defense (SLOD) risk management functions.
- Strong background in conducting Risk Control Self-Assessments (RCSAs).
- Proficient in cybersecurity control frameworks, especially NIST CSF and FFIEC Information Security Handbook.
- Knowledge of control design, documentation, testing, and remediation processes.
- Excellent collaboration, stakeholder engagement, and cross-functional communication skills.
- Ability to translate technical control issues into business-relevant risk insights.
- Experience in data analysis for risk trend identification is a plus.
Preferred Certifications
- CISSP, CISA, CRISC, or related cybersecurity or risk certifications.
Why work with us? We are a woman-owned company that values your ideas, encourages your growth, and always has your back. When you work with us, not only do you get health and dental benefits on the first day of employment, but you also have training opportunities, flexible/remote work options, growth opportunities, a 401(k) and competitive pay. Apply today! We are an EOE; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. https://www.optechus.com/eeo_self_identification/