Senior Consultant – Cyber Security
New York City, New York, United States of America
Full Time
16 hours ago
No Visa Sponsorship
Key skills
Cyber SecurityServiceNowIAMLeadership
About this role
Role Overview
- Advise large U.S. banks, broker-dealers, and insurers on the most consequential cyber security problems they face.
- Lead client-facing workstreams that translate regulator findings into defensible, executable remediation plans.
- Drive those plans to closure alongside CISO, Risk, and Audit leadership.
- Own the substance: writing remediation roadmaps accepted by OCC, FRB, or NY DFS examiners.
- Harden the controls that fail under exam.
- Push technical workstreams — incident response, vulnerability and patch management, and identity — across the finish line.
Requirements
- Lead regulatory remediation programs.
- Translate MRAs, MRIAs, Matters Requiring Attention, Consent Orders, and 500.17 (NY DFS) cybersecurity event notifications into prioritized remediation plans with defensible milestones, evidence requirements, and validation criteria.
- Run point with examiners and internal audit.
- Prepare clients for FRB, OCC, FDIC, NY DFS, SEC, and FFIEC exams and continuous-monitoring touchpoints.
- Drive technical remediation, not just documentation.
- Partner with client CISO, IT Risk, Infrastructure, and IAM teams to actually close findings — not just status-report them.
- Run cyber incident response engagements.
- Lead or co-lead client-side IR for material events: containment strategy, forensic coordination, regulator and law-enforcement notification timing, executive and board communications, and post-incident remediation.
- Strengthen vulnerability and patch management programs.
- Assess current-state VM/patch operations, design risk-based SLAs, build exception governance, and operationalize tooling (Qualys, Tenable, Rapid7, Wiz, ServiceNow VR) so remediation actually happens at SLA.
- Lead IAM remediation workstreams.
- Drive privileged access management, joiner-mover-leaver, recertification, segregation-of-duties, and identity governance improvements.
- Coach the team.
- Mentor analysts and consultants. Review their deliverables. Raise the bar on what “good” looks like in a remediation deliverable.
- Grow the practice.
- Contribute to proposals, thought leadership, and methodology assets. Identify follow-on work with existing clients.
- You should be able to walk into a client room and speak credibly to at least three of the following frameworks and regimes — not from a study guide, but from having done the work: Federal Reserve Board (FRB) / SR 11-7 model risk, SR 20-24 and SR 21-14 cyber and operational resilience guidance, MRAs and MRIAs, OCC Heightened Standards (12 CFR Part 30, Appendix D) and OCC cyber risk expectations, NY DFS Part 500, including the 2023 amendments, FFIEC Cybersecurity Assessment Tool, IT Examination Handbook, SEC Cybersecurity Disclosure Rules, NIST CSF 2.0, NIST 800-53, NIST 800-171, ISO/IEC 27001/27002; CIS Controls, SOX ITGC, PCI DSS 4.0, GLBA Safeguards Rule, and SOC 1/SOC 2 attestation work — nice-to-have.
- Hands-on experience leading or coordinating IR for ransomware, business email compromise, third-party breach, insider, and nation-state events.
- Working knowledge of NIST SP 800-61, MITRE ATT&CK, and the practical mechanics of containment, eradication, and recovery in complex enterprise environments.
Tech Stack
- Cyber Security
- ServiceNow
Benefits
- Electric Mind is committed to diversity in the workplace.
- We are an inclusive employer and welcome and encourage applications from all qualified candidates.
- Applicants’ needs will be accommodated during our recruitment and selection process so please advise us if you require accommodation.