Senior Cyber Security Analyst

Cascade Asset Management Company (“Cascade”) is proud to protect and grow capital in service of Bill Gates and the Gates Foundation Trust in support of their mission-related and philanthropic activities.  Mr. Gates and the Foundation Trust are committed to creating a world where every person has the opportunity to live a healthy, productive life.   Located in the Seattle area, Cascade applies its fundamental, long-horizon investment approach across asset classes and geographies, primarily through direct investing, as well as through a select group of funds and segregated accounts.  Cascade offers the unique blend of being part of a team that manages a multi-billion-dollar portfolio while also working with professionals in a culture that values intellectual curiosity, collaboration, and respect.
Team DescriptionThe Technology team is responsible for providing high-quality technical support to our internal clients. We are comprised of world-class Technology Service Desk, systems administration, development, cybersecurity and project management teams.  We are small and adaptable; this role will have the opportunity to support a wide variety of key IT initiatives, programs, processes, and daily activities.
Position Description Reporting to the Director of Information Security, the Senior Cyber Security Analyst plays a key role in maintaining the organization’s security posture. The Senior Analyst is responsible for identifying, assessing, and mitigating security risks across the organization. This role entails risk analysis and reporting, hands-on operations, and a variety of project work. The successful candidate will have a broad set of technical skills, knowledge, and excellent interpersonal abilities. As a member of a small team facing varied and competing requests, adaptability and versatility are crucial.

Key Responsibilities

• Risk Assessment and Analysis:
• Identify and assess potential cyber risks across the organization’s IT infrastructure, systems, and data.
• Analyze security incidents and vulnerabilities to understand their potential impact and recommend remediation actions.
• Develop and implement risk mitigation plans and controls to address identified vulnerabilities.
• Conduct regular risk assessments, security audits, and threat modeling exercises.
• Monitor and track the effectiveness of implemented security controls.
• Participate in security assessments, including third-party vendor security evaluations and risk assessments.
• Work with internal assurance and risk functions on periodic assessments, process reviews and projects.
• Third Party Cyber Risk Management:
• Work closely with Third Party Risk team to define cyber risk assessment standards and procedures.
• Act as an escalation point and a subject matter expert for third party cyber risk assessments.
• Work with external cyber risk service to ensure cyber risk assessments are properly managed, remediated and reported. 
• Coordinate with business owners on vendor cyber risk assessments.
• Monitor and report on the Third-Party Cyber Risk Management program.
• Threat Intelligence:
• Use various tools and platforms, including open source, to monitor and interpret threat data.
• Generate reports and briefings on threat intelligence findings, detailing threats, potential impact, and recommended mitigation strategies.
• Work with threat intelligence service providers to ensure appropriate continuous monitoring and coverage for key events and assets relevant to the company.
• Reporting and Collaboration:
• Prepare and present regular reports on cyber risk posture, security incidents, and key performance indicators (KPIs) to the Director of Information Security and other stakeholders.
• Communicate complex security information in a clear and concise manner to both technical and non-technical audiences.
• Contribute to the development and maintenance of security policies, procedures, and standards.
• Enhance and maintain security dashboards, tracking key security metrics, providing transparent reporting for key stakeholders.
• Work with internal assurance and risk functions to ensure the organization complies with appropriate standards.
• Security Operations and Projects:
• Act as an escalation point and coordinator for the external 24/7 SOC and other key security vendors.
• Assist with and participate in post-incident reviews and lessons learned sessions to improve incident response processes and procedures.
• Use tools such as SIEM, EDR, and identity management platform for monitoring, alerting, and mitigating security incidents, ensuring prompt response and resolution across teams.
• Serve as a liaison between Cascade and key security vendors.
• Assist with patch & vulnerability management, vulnerability tracking, and timely SLA management, while collaborating with cross-functional teams to prioritize and address critical vulnerabilities.
• Evaluate, select, deploy and maintain new security tools, technologies, or platforms to enhance security posture.
• Plan, coordinate and execute cybersecurity projects.
• Assist as needed with day-to-day tasks, maintaining ongoing security operations and responding to security escalations.
• Support incident response efforts in the event of a major security incident or breach, working with other teams to resolve issues and restore systems.
• Perform other related duties as assigned.

Skills and Qualifications

• Bachelor’s degree in CS, Information Systems, Engineering, Business, or a related field.
• 8+ years of experience in a cybersecurity role in an enterprise environment.
• Excellent communication (oral, written, presentation) and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Proficiency in basic data analysis and reporting.
• Ability to work well in a team environment.
• Proficiency with Microsoft Windows, M365, Microsoft Active Directory, Microsoft Azure.
• Familiarity with security and privacy risk frameworks like NIST, SOC 2, SOX, HIPAA, ISO 27001.
• Experience working with security operations-related functions, including working cross-functionally with IT, GRC, legal, and other departments.
• Must show attention to detail and the ability to multi-task in a rapidly changing environment, and the ability to work independently.
• Maintains a high standard of ethics, professional judgement and personal conduct.
• Certifications (Preferred):
• Security management certifications such as ISC2, CISSP, CISM.
• Other:
• This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
• Occasional lifting, handling, pushing, or moving objects up to 50 lbs.

What We ValueCascade values diversity, equity, and inclusion and is deeply committed to providing equal employment opportunies for all employees and all applicants seeking employment. All employment decisions are based on a candidate’s or employee’s capabilities and qualifications without regard to race, color, creed, religion, sex, sexual orientation, gender expression or identity, age, national origin, citizenship, veteran, military, marital status, sensory, physical, or mental disability, genetic information, or any other status or characteristic protected by applicable law. Questions regarding accommodation requests due to a disability should be directed to Human Resources.  Employment RequirementsUpon hire, you are required to present proof of your eligibility to legally work in the U.S.