
Job Board

Brighthouse Financial

Cybersecurity Governance & Risk Management Analyst

Full Description + Application Link


Req Id:  5329

Where you’ll work:
Our flexible, hybrid work model offers the option to work remotely or in the office.



How you’ll contribute:
As a Cybersecurity Governance and Risk Management Analyst, you’ll play a critical role on our Cybersecurity Governance team to support our cybersecurity risk function and to ensure our vendors adhere to the requirements outlined in our contractual agreements.  



In this role, you’ll get to:

    Help conduct Cyber Risk Assessments and Cyber Risk Oversight to ensure alignment with multiple frameworks and regulations such as NIST CSF 2.0, NYDFS Reg 500 and CCM. The following tasks are associated with this activity:
        Scoping and Planning: Assist with determining the assets, processes, and controls in scope and engage key stakeholders. Estimate hours for meetings, research, and documentation.
        Data Collection and Analysis: Gather evidence, interview control owners, analyze existing reports and synthesize findings.
        Reporting and Recommendations: Assist with drafting the report, aligning recommendations, and presenting to stakeholders.
        Remediation: Help oversee the remediation activities associated with the gaps identified during the assessment.
    Assist with Penetration Testing Oversight of all 3rd party engagements. The following tasks are associated with this activity:
        Scoping and Vendor Coordination: Engage vendors, define the testing scope, and review test plans.
        Monitoring Execution: Schedule regular check-ins, review interim findings, and address issues. Capture efforts in facilitating vendor communications.
        Reporting and Remediation Tracking: Analyze final reports, collaborate with stakeholders on remediation plans, create and update service tickets.
    Review and respond to 3rd Party Due Diligence Questionnaires. The following tasks are associated with this activity:
        Respond to requests from third-party organizations regarding inquiries into BHF’s cybersecurity program.
        Support the broader business during regulatory examinations by gathering documentation and responses to technology- and security-related issues.
        Establish strong and active governance of our managed service engagement contracts.
    Provide guidance on how contract SLAs are managed, issues are escalated and resolved, and risks are mitigated and managed with key third parties. The following tasks are associated with this activity:
        Focus on services and stakeholders and how they are aligned to the end-to-end services that are provided.
        Focus on relationship management and effective communication to address and resolve service issues during the engagement.
        Proactively manage open issues to facilitate their timely resolution.



We’re looking for people who have:

    Bachelor’s degree in computer science, related field, or equivalent work experience.
    5+ years of relevant experience.
    Skilled in working cross-functionally across teams and gaining the favor of key decision makers.
    Strong familiarity with cybersecurity risk management and relevant frameworks such as NIST CSF 2.0.
    Security certification (e.g., Security+, CISM) recommended.
    Deep knowledge and understanding of metrics and KPIs.
    Exemplary analytical, quantitative and social skills.
    Project management experience is a plus.
    Effective communication and social skills, and the ability to receive criticism well.
    Efficient in handling confidential business matters and information with discretion.
    Maintain company standards in a fast-paced environment.



Research shows some people may not apply for a role if they don’t check all the boxes of a job description. If you don’t check every box listed, that’s okay. We would love to hear from you.



What you’ll receive:

    Compensation – Base salary ranging from $100,000.00 to $120,000.00 plus competitive performance-based incentives determined by company and individual results.
    Flexible Work Environment – Work remotely or in the office to better thrive in all areas of life.
    Paid Time Off – Recharge with a minimum of 20 days of paid time off and 16 paid company holidays per calendar year plus paid volunteer time and paid study time.
    Financial Health – Work toward achieving your financial goals through our 401(k) savings plan with company match (up to 6%) and annual company nondiscretionary contribution (3%), 15% employee stock purchase plan discount, and financial counseling services.
    Health and Wellness – Enjoy competitive medical, vision, and dental plans plus tax-free health savings accounts with potential company contributions up to $1,000 per family.
    Family Support – Care for loved ones with up to 16 weeks of paid leave for new parents, back-up dependent care, dependent care flexible spending account, and up to a $25,000 lifetime maximum during your adoption, infertility, or surrogacy journey.
    Life and Disability Support – Gain access to company-paid basic life insurance and short-term disability insurance.


Additional Info

Job Link: https://jobs.brighthousefinancial.com/job/Charlotte-Cybersecurity-Governance-&-Risk-Management-Analyst-%28Charlotte%2C-NC-%28Hybrid%29-or-Remote%29-NC-28277/1228846000/
