Cyber Intelligence Senior Associate - Supplier Cyber Risk

Join our elite cybersecurity team and be at the forefront of innovative third-party cyber risk management strategies.

In this dynamic role, you'll leverage cutting-edge technology and intelligence to protect our digital landscape, making a real-world impact on global cybersecurity.

Your expertise will help shape the future of secure digital operations, safeguarding critical assets and fortifying our cyber defenses.

As a Cybersecurity Intelligence Senior Associate in Cybersecurity Operations, you will play a pivotal role in advancing proactive third-party cyber risk management at the firm.

You will manage the end-to-end process for collecting and analyzing supplier intelligence, and lead supplier outreach to remediate critical vulnerabilities.

Additionally, you will deliver regular reporting and tailored communications to both internal and external stakeholders.

Your efforts will directly support cyber awareness initiatives, vulnerability communications, and monthly newsletters, thereby enhancing the firm's overall cyber resilience.

Job responsibilities



* Proactively identify and assess global and industry-specific attack vectors, emerging trends, and potential risks.

Analyze the third party threat landscape to inform and shape the firm's cybersecurity strategy.


* Work closely with cross-functional teams in Cyber, Technology, and the Business to drive continuous improvement and implement recommended mitigations.


* Oversee supplier outreach for remediation of prioritized findings, especially those with high-risk ratings.


* Develop and deliver regular reports to internal stakeholders, including executive summaries and technical deep-dives.


* Create tailored external communications such as cyber awareness materials, vulnerability surveys, and monthly newsletters.

Required qualifications, capabilities, and skills



* Minimum 3 years of relevant cybersecurity experience, including scanning and analysis for open source vulnerabilities and malicious packages.


* Outstanding written, verbal, and presentation skills; able to communicate complex technical information to diverse audiences.


* Strong working knowledge of Software Development Life Cycle (SDLC) and DevSecOps practices.


* Experience in offensive cybersecurity, including proactive testing and evaluation of systems, networks, and applications to identify vulnerabilities.


* Experience identifying, prioritizing, and remediating vulnerabilities.


* Excellent analytical and problem-solving skills, with keen attention to detail.


* Proven ability to collaborate across organizational boundaries and develop actionable improvement plans.


* Self-starter with a drive to deliver results and a continuous improvement mindset.

Preferred qualifications, capabilities, and skills



* Familiarity with industry risk frameworks (ISO27001, NIST Cybersecurity Framework, MITRE ATT&CK, etc.).


* Professional certifications such as CISSP, CISA, CI...