Senior Consultant - Cyber Security

At Electric Mind, Engineering is where strategy meets action. Our team helps organizations cut through complexity—aligning business ambition with technology execution to unlock real, lasting change. You’ll work alongside curious, driven people tackling high-impact challenges for everyone from scaling startups to global enterprises. Each engagement is different, pushing you to learn, adapt, and grow. Electric Mind’s Technology Practice brings together deep engineering expertise, modern delivery disciplines, and pragmatic architectural thinking to help clients execute complex, mission-critical transformation. We design and implement scalable, secure, high-impact technology solutions that accelerate business outcomes. About the Role We advise large U.S. banks, broker-dealers, and insurers on the most consequential cyber security problems they face — the ones that show up in MRAs, MRIAs, Consent Orders. As a Senior Consultant on our Cyber & Regulatory Remediation team, you will lead client-facing workstreams that translate regulator findings into defensible, executable remediation plans, and then drive those plans to closure alongside CISO, Risk, and Audit leadership. This is not a generic GRC role. You will own the substance: writing remediation roadmaps that an OCC, FRB, or NY DFS examiner will accept, hardening the controls that fail under exam, and personally pushing technical workstreams — incident response, vulnerability and patch management, and identity — across the finish line. About Electric Mind Electric Mind is a fast-growing, AI-native advisory and digital engineering firm built for those who want to shape the future, not just watch it happen. We blend premium strategy expertise with cutting-edge AI-centric engineering to solve complex, meaningful problems for industry-leading clients. We pride ourselves on a high-touch delivery model and a culture that values diverse talent, innovation, and true client partnership — creating an environment where your ideas matter and your impact is visible. If you’re looking for a place where you can grow fast, collaborate with exceptional teammates, and help build a company scaling its capabilities and global footprint at speed — Electric Mind is the place to ignite your career. The future is bright! For more info on Electric Mind, check out our Careers Page and Instagram. Electric Mind is committed to diversity in the workplace. We are an inclusive employer and welcome and encourage applications from all qualified candidates. Applicants’ needs will be accommodated during our recruitment and selection process so please advise us if you require accommodation. What You'll Do Lead regulatory remediation programs. Translate MRAs, MRIAs, Matters Requiring Attention, Consent Orders, and 500.17 (NY DFS) cybersecurity event notifications into prioritized remediation plans with defensible milestones, evidence requirements, and validation criteria. Run point with examiners and internal audit. Prepare clients for FRB, OCC, FDIC, NY DFS, SEC, and FFIEC exams and continuous-monitoring touchpoints. Draft response letters, walkthroughs, and evidence packages. Defend the work. Drive technical remediation, not just documentation. Partner with client CISO, IT Risk, Infrastructure, and IAM teams to actually close findings — not just status-report them. Push for engineering outcomes, not slideware. Run cyber incident response engagements. Lead or co-lead client-side IR for material events: containment strategy, forensic coordination, regulator and law-enforcement notification timing, executive and board communications, and post-incident remediation. Strengthen vulnerability and patch management programs. Assess current-state VM/patch operations, design risk-based SLAs, build exception governance, and operationalize tooling (Qualys, Tenable, Rapid7, Wiz, ServiceNow VR) so remediation actually happens at SLA. Lead IAM remediation workstreams. Drive privileged access management, joiner-mover-leaver, recertification, segregation-of-duties, and identity governance improvements. Reduce standing privilege and clean up the access debt regulators flag. Coach the team. Mentor analysts and consultants. Review their deliverables. Raise the bar on what “good” looks like in a remediation deliverable. Grow the practice. Contribute to proposals, thought leadership, and methodology assets. Identify follow-on work with existing clients. Required Regulatory Expertise You should be able to walk into a client room and speak credibly to at least three of the following frameworks and regimes — not from a study guide, but from having done the work: Federal Reserve Board (FRB) / SR 11-7 model risk, SR 20-24 and SR 21-14 cyber and operational resilience guidance, MRAs and MRIAs. OCC Heightened Standards (12 CFR Part 30, Appendix D) and OCC cyber risk expectations. NY DFS Part 500 — including the 2023 amendments: CISO reporting to the Board, governance, 72-hour incident notification, ransomware payment notification, asset inventory, MFA, encryption, and Class A company requirements. FFIEC Cybersecurity Assessment Tool, IT Examination Handbook (Information Security, Business Continuity, Operations). SEC Cybersecurity Disclosure Rules (Regulation S-K Item 106, Form 8-K Item 1.05) and Reg S-P amendments. NIST CSF 2.0, NIST 800-53, NIST 800-171; ISO/IEC 27001/27002; CIS Controls. SOX ITGC, PCI DSS 4.0, GLBA Safeguards Rule, and SOC 1/SOC 2 attestation work — nice-to-have. Required Technical & Operational Expertise Cyber Incident Management Hands-on experience leading or coordinating IR for ransomware, business email compromise, third-party breach, insider, and nation-state events. Working knowledge of NIST SP 800-61, MITRE ATT&CK, and the practical mechanics of containment, eradication, and recovery in complex enterprise environments. Comfort coordinating across legal, privacy, communications, forensics (Mandiant, CrowdStrike, Kroll, Unit 42), insurance, and regulators under time pressure. Experience drafting and defending incident notifications and regulator communications under NY DFS Part 500, SEC 8-K Item 1.05, GDPR, and state breach laws. Vulnerability Remediation & Patch Management Demonstrated experience designing or remediating enterprise VM programs: scanning coverage, risk scoring (CVSS, EPSS, KEV), SLA design, exception governance, and metrics. Operational familiarity with Qualys, Tenable (Nessus / Tenable.io / Tenable.sc), Rapid7 InsightVM, Wiz, Microsoft Defender for Cloud, and ServiceNow Vulnerability Response. Patch management at scale across Windows, Linux, network, container, and cloud workloads — including the political work of getting business units to actually patch. Identity & Access Management (IAM) Strong grasp of IAM domains: identity governance and administration (IGA), privileged access management (PAM), authentication and federation, joiner-mover-leaver, access certification, and SoD. Working experience with at least two of: SailPoint, Saviynt, Okta, Azure AD / Entra ID, Ping, CyberArk, BeyondTrust, Delinea. Practical experience reducing standing privilege, designing role models, and remediating common findings (orphaned accounts, toxic combinations, shared service accounts, weak recertification).

{
  "content_hash": "0640d2fd0dab07edf65b44c195231cd7c9a7a51112f094beb408f9c6e63b1a39",
  "source_hash": "cd57f40c95c08f7ed01e84ac87c0e1362fe4dafbcfccf04111e43c62a9290151",
  "last_changed_at": "2026-06-19T07:55:47.914Z",
  "active_status": "active"
}

{
  "dedupe": null,
  "language": "en",
  "location": {
    "raw": "New York City, New York",
    "city": "New York City",
    "region": "NY",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.85
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-21T07:55:46.177Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "New York City, New York",
      "city": "New York City",
      "region": "NY",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.85
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": null,
  "workplace_type": "hybrid",
  "salary_currency": null
}

{}

{
  "lists": [
    {
      "text": "What You'll Do",
      "content": "<div>\n\n<li><strong data-olk-copy-source=\"MessageBody\">Lead regulatory remediation programs.&nbsp;</strong>Translate MRAs, MRIAs, Matters Requiring Attention, Consent Orders, and 500.17 (NY DFS)&nbsp;cybersecurity event notifications into prioritized remediation plans with defensible milestones, evidence requirements, and validation criteria.</li>\n<li><strong>Run point with examiners and internal audit.&nbsp;</strong>Prepare clients for FRB, OCC, FDIC, NY DFS, SEC, and FFIEC exams and continuous-monitoring touchpoints. Draft response letters, walkthroughs, and evidence packages. Defend the work.</li>\n<li><strong>Drive technical remediation, not just documentation.&nbsp;</strong>Partner with client CISO, IT Risk, Infrastructure, and IAM teams to actually close findings — not just status-report them. Push for engineering outcomes, not slideware.</li>\n<li><strong>Run&nbsp;cyber&nbsp;incident response engagements.&nbsp;</strong>Lead or co-lead client-side IR for material events: containment strategy, forensic coordination, regulator and law-enforcement notification timing, executive and board communications, and post-incident remediation.</li>\n<li><strong>Strengthen vulnerability and patch management programs.&nbsp;</strong>Assess current-state VM/patch operations, design risk-based SLAs, build exception governance, and operationalize tooling (Qualys, Tenable, Rapid7, Wiz, ServiceNow VR) so remediation actually happens at SLA.</li>\n<li><strong>Lead IAM remediation workstreams.&nbsp;</strong>Drive privileged access management, joiner-mover-leaver, recertification, segregation-of-duties, and identity governance improvements. Reduce standing privilege and clean up the access debt regulators flag.</li>\n<li><strong>Coach the team.&nbsp;</strong>Mentor analysts and consultants. Review their deliverables. Raise the bar on what “good” looks like in a remediation deliverable.</li>\n<li><strong>Grow the practice.&nbsp;</strong>Contribute to proposals, thought leadership, and methodology assets. Identify follow-on work with existing clients.</li>\n\n</div>"
    },
    {
      "text": "Required Regulatory Expertise",
      "content": "<div>\n<div data-olk-copy-source=\"MessageBody\">You should be able to walk into a client room and speak credibly to at least three of the following frameworks and regimes — not from a study guide, but from having done the work:</div>\n\n<li>Federal Reserve Board (FRB) / SR 11-7 model risk, SR 20-24 and SR 21-14&nbsp;cyber&nbsp;and operational resilience guidance, MRAs and MRIAs.</li>\n<li>OCC Heightened Standards (12 CFR Part 30, Appendix D) and OCC&nbsp;cyber&nbsp;risk expectations.</li>\n<li>NY DFS Part 500 — including the 2023 amendments: CISO reporting to the Board, governance, 72-hour incident notification, ransomware payment notification, asset inventory, MFA, encryption, and Class A company requirements.</li>\n<li>FFIEC&nbsp;Cybersecurity Assessment Tool, IT Examination Handbook (Information Security, Business Continuity, Operations).</li>\n<li>SEC&nbsp;Cybersecurity Disclosure Rules (Regulation S-K Item 106, Form 8-K Item 1.05) and Reg S-P amendments.</li>\n<li>NIST CSF 2.0, NIST 800-53, NIST 800-171; ISO/IEC 27001/27002; CIS Controls.</li>\n<li>SOX ITGC, PCI DSS 4.0, GLBA Safeguards Rule, and SOC 1/SOC 2 attestation work — nice-to-have.</li>\n\n</div>"
    },
    {
      "text": "Required Technical & Operational Expertise Cyber",
      "content": "<div>\n<div><strong data-olk-copy-source=\"MessageBody\">&nbsp;Incident Management</strong></div>\n\n<li>Hands-on experience leading or coordinating IR for ransomware, business email compromise, third-party breach, insider, and nation-state events.</li>\n<li>Working knowledge of NIST SP 800-61, MITRE ATT&amp;CK, and the practical mechanics of containment, eradication, and recovery in complex enterprise environments.</li>\n<li>Comfort coordinating across legal, privacy, communications, forensics (Mandiant, CrowdStrike, Kroll, Unit 42), insurance, and regulators under time pressure.</li>\n<li>Experience drafting and defending incident notifications and regulator communications under NY DFS Part 500, SEC 8-K Item 1.05, GDPR, and state breach laws.</li>\n\n<div><strong>Vulnerability Remediation &amp; Patch Management</strong></div>\n\n<li>Demonstrated experience designing or remediating enterprise VM programs: scanning coverage, risk scoring (CVSS, EPSS, KEV), SLA design, exception governance, and metrics.</li>\n<li>Operational familiarity with Qualys, Tenable (Nessus / Tenable.io / Tenable.sc), Rapid7 InsightVM, Wiz, Microsoft Defender for Cloud, and ServiceNow Vulnerability Response.</li>\n<li>Patch management at scale across Windows, Linux, network, container, and cloud workloads — including the political work of getting business units to actually patch.</li>\n\n<div><strong>Identity &amp; Access Management (IAM)</strong></div>\n\n<li>Strong grasp of IAM domains: identity governance and administration (IGA), privileged access management (PAM), authentication and federation, joiner-mover-leaver, access certification, and SoD.</li>\n<li>Working experience with at least two of: SailPoint, Saviynt, Okta, Azure AD / Entra ID, Ping,&nbsp;CyberArk, BeyondTrust, Delinea.</li>\n<li>Practical experience reducing standing privilege, designing role models, and remediating common findings (orphaned accounts, toxic combinations, shared service accounts, weak recertification).</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1781809852115,
  "updatedAt": null,
  "categories": {
    "team": "Technology Team",
    "location": "New York City, New York",
    "commitment": "Full Time Permanent",
    "allLocations": [
      "New York City, New York"
    ]
  },
  "salaryRange": null,
  "workplaceType": "hybrid"
}