Posted Date
2/26/2025
Description
Principal Associate, Authentication and Access Assurance (AAA)
The Authentication and Access Assurance (AAA) team is responsible for conducting cybersecurity risk assessments that evaluate authentication and access management practices across the organization. Our team ensures compliance with the FFIEC Authentication & Access Guidance and identifies key risks that impact the security and resilience of financial services.
As a Principal Associate, Cyber Risk Assessor, you will play a critical role in assessing authentication risks, identifying control gaps, and providing actionable recommendations. You will engage with stakeholders across cybersecurity, IT, and business functions to drive risk-based decision-making and improve authentication and access security.
This is an opportunity to work in a highly adaptable and evolving team, directly contributing to the organization’s cybersecurity posture. We seek an individual who is technically proficient, business-savvy, and an effective communicator, with a passion for authentication and identity security.

EXPERIENCE:

• Experience in cybersecurity risk assessment, cybersecurity audit, or IAM security, with a focus on authentication risks and access management.
• Familiarity with the FFIEC Authentication & Access Guidance and experience assessing compliance against it.
• Strong understanding of authentication technologies, including multi-factor authentication (MFA), passwordless authentication, biometric authentication, and risk-based authentication.
• Working knowledge of IAM security principles, such as identity governance, privileged access management (PAM), role-based access control (RBAC), and just-in-time access.
• Experience working with stakeholders across business, IT, and security teams, with an ability to effectively communicate and influence security decisions.
• Ability to manage multiple assessments simultaneously, maintain adherence to deadlines, and escalate issues when needed.
• Strong critical thinking and analytical skills, with the ability to assess control effectiveness and make well-reasoned risk judgments.
• Excellent written and verbal communication skills, including the ability to translate technical risk assessments into business-relevant insights.

BASIC QUALIFICATIONS

• High School Diploma, GED or equivalent certification
• At least 3 years of experience working in cybersecurity or information technology
• At least 1 year of experience in cybersecurity risk assessments or cybersecurity audit

PREFERRED QUALIFICATIONS:

• 2+ years of experience with risk frameworks NIST CSF, NIST 800-63, ISO 27001, or PCI DSS
• 1+ year of experience in federated identity management, single sign-on (SSO) solutions, and modern authentication protocols (OAuth, SAML, OpenID Connect)
• 1+ year of experience working in financial services cybersecurity or a highly regulated environment
• One or more professional certifications CISSP, CISA, CRISC, or CCSP

EXPERIENCE:

• Experience in cybersecurity risk assessment, cybersecurity audit, or IAM security, with a focus on authentication risks and access management.
• Familiarity with the FFIEC Authentication & Access Guidance and experience assessing compliance against it.
• Strong understanding of authentication technologies, including multi-factor authentication (MFA), passwordless authentication, biometric authentication, and risk-based authentication.
• Working knowledge of IAM security principles, such as identity governance, privileged access management (PAM), role-based access control (RBAC), and just-in-time access.
• Experience working with stakeholders across business, IT, and security teams, with an ability to effectively communicate and influence security decisions.
• Ability to manage multiple assessments simultaneously, maintain adherence to deadlines, and escalate issues when needed.
• Strong critical thinking and analytical skills, with the ability to assess control effectiveness and make well-reasoned risk judgments.
• Excellent written and verbal communication skills, including the ability to translate technical risk assessments into business-relevant insights.

BASIC QUALIFICATIONS

• High School Diploma, GED or equivalent certification
• At least 3 years of experience working in cybersecurity or information technology
• At least 1 year of experience in cybersecurity risk assessments or cybersecurity audit

PREFERRED QUALIFICATIONS:

• 2+ years of experience with risk frameworks NIST CSF, NIST 800-63, ISO 27001, or PCI DSS
• 1+ year of experience in federated identity management, single sign-on (SSO) solutions, and modern authentication protocols (OAuth, SAML, OpenID Connect)
• 1+ year of experience working in financial services cybersecurity or a highly regulated environment
• One or more professional certifications CISSP, CISA, CRISC, or CCSP

Please refer the Job description for details