Cybersecurity Risk Analyst

Risk Analyst

The Risk Analyst is responsible for providing guidance on tools to measure and manage risk, identify/mitigate threats, and protect against unauthorized disclosure of confidential information. Risk Analysts duties include assessing the adequacy of security strategies, adherence to security guardrails and calculating the impact of adverse events or threats. Ideal candidates will assist in ensuring effective execution of cybersecurity strategies and our risk management framework by managing relationships with key stakeholders, verifying that IT risks are appropriately mitigated, as well as providing periodic updates on the state of compliance.

Key job responsibilities:

• Advises leadership on cybersecurity initiatives that supports the latest trends in IT security, risk, and controls.
• Facilitates risk assessment exercises, perform compliance and risk monitoring/validation, and other compliance assurance exercises as required.
• Facilitates awareness and training for the information technology risk program elements to ensure responsibilities are understood and executed.
• Coordinates external and internal assurance or advisory audits, representing information technology throughout the lifecycle of the audit (from planning through remediation strategy).
• Monitors, tracks, and reports mitigation and resolution of IT risks.
• Works closely with other technical, incident management, and forensic personnel to develop a broader understanding of the intent, objectives, and activities of cyber threat actors and support the cyber defense program.

Required education / degrees:

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a similar technical degree. Associate degree with relevant experience may be considered.

Required qualifications / certifications:

• Knowledge of and experience with Industry Policies, Standards and Controls (e.g., NIST 800-53, ISO 27001, COBIT, ITIL, SOX, PCI-DSS, SANS, etc.).
• Understanding of key technology/data concepts such as access control, confidential data, encryption, data privacy, information management, intellectual property, business continuity, disaster recovery, security scans, and 3rd party/vendor applications.
• Strong knowledge of IT organization business processes and systems including (IT Security, data management, architectural and planning, technology life cycle management, regulatory concerns).
• Certifications: Desired but not required - Certified Information Systems Security Professional (CISSP), Certified Information Security Manager, (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).

Required work experience:

Minimum 5 years related work experience in Information Technology field.

Other preferred skills / competencies:

• A self-starter that demonstrates “One Team” behaviors and demonstrated knowledge of effective influencing tactics and strategies.
• Highly organized with ability to prioritize and multi-task, as well as able to thrive in a fast-paced environment.
• Ability to impact decisions, influence and motivate teams, and work with a variety of disciplines, cultures, and environments.
• Communicates in a clear, concise, understandable manner both orally and in writing.
• Ability to explain detailed IT concepts and solutions in business terms and make complex materials clear and engaging.
• Utilizes qualitative and quantitative risk analysis best practices to provide a clear decision-making framework for managing information risk.