Haystack
← Back to Jobs
Technology

Cybersecurity Analyst Consultant

Pivotal Solutions IncNew York, NY🇺🇸United StatesPosted 10 Jul 2026

Quick Overview

Work Type
Hybrid
Level
Mid Senior

Job Description

Our client, based in New York, NY, is looking to hire a Cybersecurity Analyst Consultant.
Project duration: 3 months
I have listed below a detailed job description for your review.
If you have the required experience and interest, please email me a current resume, along with your responses to the following questions:
*** How much experience in years do you have in cybersecurity?
*** How much experience in years do you have with security awareness?
*** How much experience in years do you have with Governance, Risk Management, and Compliance (GRC) functions?
*** How much experience in years do you have running security awareness programs and phishing simulations?
*** How much experience in years do you have completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)?
*** Do you have working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls?
*** What is your desired hourly rate?
*** Where do you currently reside (city, state)?
*** Are you able to work in New York, NY?
*** What is your availability to start a new project?
Thank you!
Steven Edelman
Pivotal Solutions, Inc.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Job Description:

We are seeking a Cybersecurity Analyst to advance our Human Cyber Risk Management program while supporting enterprise-wide risk and compliance efforts. This role is instrumental in strengthening the organization s security posture by promoting secure behaviors, managing user-centric risk initiatives, and addressing regulatory and client-facing cybersecurity requirements.

The ideal candidate combines expertise in security awareness with a strong understanding of human risk dynamics and core risk management practices and demonstrates the ability to collaborate effectively across global teams.

Key Responsibilities

  • Deliver and continuously enhance security awareness programs, including quarterly, threat-informed campaigns
  • Execute phishing simulations, including scenario design, targeting, and performance analysis
  • Support Cybersecurity Awareness Month and other enterprise-wide engagement initiatives
  • Maintain internal cybersecurity resources to promote accessible guidance and best practices
  • Contribute to external cyber trust centers/client assurance portals, ensuring accurate and current content
  • Monitor and report on human risk metrics, providing actionable insights to stakeholders
  • Partner with HR and Internal Communications to strengthen security culture and drive behavior change
  • Support user access reviews (UARs), service accounts and non-human identities review ensuring coordination, completion tracking, and audit readiness
  • Respond to client due diligence questionnaires (DDQs) on cybersecurity practices
  • Support audit activities, including evidence collection and remediation tracking
  • Support policy exceptions and technology risk issue tracking and remediation
  • Partner with IT, Risk, Legal, and Business teams to align security initiatives
  • Support client-facing teams with cybersecurity communications and inquiries

Qualifications and Experience

  • 3+ years of experience in cybersecurity, with exposure to both security awareness and GRC functions
  • Demonstrated experience running security awareness programs and phishing simulations
  • Familiarity with user access, service accounts and non-human identities review processes and identity/access governance concepts
  • Experience completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)
  • Strong understanding of cybersecurity principles, threats, and human risk factors
  • Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences

Technical Expertise

  • Experience with security awareness platforms, phishing simulation tools, and GRC systems
  • Understanding of Identity and Access Management (IAM), including authentication, authorization, and governance
  • Knowledge of Privileged Access Management (PAM) and least privileged principles
  • Familiarity with automation and scripting to support security and risk processes
  • Working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls

Core Competencies

  • Drives behavior changes through effective, targeted communication
  • Applies a pragmatic approach to prioritize and manage cyber risk
  • Leverages data and metrics to inform decisions and improve programs
  • Partners effectively across global, cross-functional teams
  • Simplifies complex cybersecurity concepts for diverse audiences

Values & Culture

  • Acts with non-negotiable integrity and maintains the highest professional standards.
  • Demonstrates intellectual curiosity, seeking to continually advance the firm s cybersecurity engineering posture.
  • Embodies collaboration, transparency, and accountability in all engagements.
  • Dedicated to protecting client trust through security excellence and proactive risk management.

Special Requirements

  • Hybrid work model (4 days onsite preferred)
  • Occasional after-hours support for global operations

Similar jobs