Join our elite STIIR (Supplier Threat Intelligence and Incident Response) team and be at the forefront of innovative third-party cyber risk management strategies. In this dynamic role, you’ll leverage cutting-edge technology and intelligence to protect our digital landscape, making a real-world impact on global cybersecurity. Your expertise will help shape the future of secure digital operations, safeguarding critical assets and fortifying our cyber defenses.

As a Cybersecurity Intelligence Senior Associate in Cybersecurity Operations, you will play a pivotal role in advancing the firm’s SBOM (Software Bill of Materials) program and supporting proactive third-party cyber risk management. You will manage the end-to-end process for collecting, scanning, and analyzing supplier SBOMs, drive supplier outreach for remediation of critical vulnerabilities, and deliver regular reporting and tailored communications to both internal and external stakeholders. Your work will directly contribute to cyber awareness, vulnerability surveys, and monthly newsletters, enhancing the firm’s overall cyber resilience.

Job responsibilities

• Lead the cross-functional process for scanning supplier SBOMs to identify open source vulnerabilities and malicious packages. Oversee supplier outreach for remediation of prioritized findings, especially those with high-risk ratings.
• Develop and deliver regular reports to internal stakeholders, including executive summaries and technical deep-dives. Create tailored external communications such as cyber awareness materials, vulnerability surveys, and monthly newsletters.
• Proactively identify and assess global and industry-specific attack vectors, emerging trends, and potential risks. Analyze the third party threat landscape to inform and shape the firm’s cybersecurity strategy.
• Work closely with cross-functional teams in Cyber, Technology, and the Business to drive continuous improvement and implement recommended mitigations.

Required qualifications, capabilities, and skills

• Minimum 3 years of relevant cybersecurity experience, including scanning and analysis for open source vulnerabilities and malicious packages.
• Outstanding written, verbal, and presentation skills; able to communicate complex technical information to diverse audiences.
• Strong working knowledge of Software Development Life Cycle (SDLC) and DevSecOps practices.
• Experience in offensive cybersecurity, including proactive testing and evaluation of systems, networks, and applications to identify vulnerabilities.
• Excellent analytical and problem-solving skills, with keen attention to detail.
• Proven ability to collaborate across organizational boundaries and develop actionable improvement plans.
• Self-starter with a drive to deliver results and a continuous improvement mindset.

Preferred qualifications, capabilities, and skills

• Familiarity with industry risk frameworks (ISO27001, NIST Cybersecurity Framework, MITRE ATT&CK, etc.).
• Professional certifications such as CISSP, CISA, CISM, CCSP, or CRISC.
• Background in Product Security, Incident Response, or Technology/Cyber Audit.
• Basic programming skills (Python preferred) to support automation, data analysis, and process improvement.