Senior Analyst - Cyber Risk & Control Monitoring

Senior Analyst – Cyber Risk & Control Monitoring

Do you want to be part of a collaborative Cybersecurity Governance team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise?

As a Senior Analyst, Cybersecurity Continuous Control Monitoring (CCM), you will contribute to an enterprise-wide program that provides ongoing assurance that key cybersecurity and technology controls are operating effectively. You will translate control requirements into measurable tests and monitoring, partner with control owners to investigate control failures, and drive remediation through to closure. You will continuously seek out opportunities to improve controls including through automation and AI. You may also help to proactively identify risks and gaps and design controls to address them working in collaboration with process owners, risk and internal audit subject matter experts.

This role strengthens audit and regulatory readiness by producing timely, accurate, and repeatable evidence and reporting that supports risk-based decision-making.

You are:

• Passionate about improving control effectiveness through measurable, repeatable monitoring and testing
• Driven to simplify ambiguity, establish operational cadence, and deliver outcomes without constant direction
• Detail-oriented with a strong quality bar for evidence, documentation, and data integrity
• Organized and flexible in managing multiple control domains, stakeholders, and deadlines
• An excellent communicator who can explain control expectations, test results, and remediation requirements in business-relevant terms
• Collaborative and comfortable influencing control owners, engineers, and leaders to drive timely risk reduction
• Analytical, with the ability to interpret logs, reports, and datasets to identify trends and control breakdowns

Required qualifications

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
• 5+ years of experience in information security, technology risk, control testing/assurance, audit, or GRC
• Hands-on experience coordinating audits/assessments (internal audit, external audit, or customer assurance), including evidence collection and narrative responses
• Experience managing risk/issue registers and driving remediation tracking (owners, due dates, evidence of closure, and risk acceptance)
• Strong written and verbal communication skills, including the ability to produce executive-ready summaries and action-oriented reporting

Preferred qualifications

• Experience designing and executing control tests (design and operating effectiveness) and documenting test procedures/results
• Strong understanding of control frameworks and regulatory expectations (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS, etc.)
• Experience building dashboards/metrics and presenting control health trends, key risks, and recommended actions
• Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines)
• Familiarity with CCM/monitoring tooling and data sources
• Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one

You will:

Continuous Control Monitoring

• Contribute to the implementation and day-to-day operation of the continuous control monitoring (CCM) program, including control scope, design, improvement, and monitoring cadence, thresholds, and escalation paths
• Monitor control health metrics and risk indicators (KPIs/KRIs) to proactively detect control degradation and configuration drift
• Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions
• Leverage automation and tooling to enhance near-real-time visibility into control health (automated evidence collection, alerting, dashboards, and repeatable test scripts/queries)
• Maintain a control inventory and control-to-evidence mapping aligned to internal policy and external frameworks; ensure controls have clear owners, descriptions, and measurable success criteria
• Develop and maintain control test procedures (what is tested, data sources, sampling/coverage, frequency, and pass/fail criteria) and ensure results are reproducible and audit-ready
• Validate data quality (completeness, timeliness, and accuracy) for CCM feeds and document assumptions, limitations, and compensating checks

Audit Coordination & Management

• Serve as liaison for internal audit, external audit, and third-party assessments
• Coordinate audit requests, evidence collection, and stakeholder responses across teams
• Ensure consistency, quality, and timeliness of audit deliverables
• Track audit and assessment findings, ensuring appropriate documentation and closure

Reporting & Governance

• Contribute to governance forums by providing insights on risk posture and control maturity
• Partner with:
• Security Engineering & Operations
• Enterprise Risk Management
• Internal Audit
• Privacy & Legal

Reporting Relationships

• As our Senior Analyst, Cybersecurity Continuous Control Monitoring, you will report to our Head of Cybersecurity Governance.

Location

• Three days a week at our Guardian office in New York, NY or Bethlehem, PA

Salary Range:

$95,170.00 - $156,355.00

The salary range reflected above is a good faith estimate of base pay for the primary location of the position. The salary for this position ultimately will be determined based on the education, experience, knowledge, and abilities of the successful candidate. In addition to salary, this role may also be eligible for annual, sales, or other incentive compensation.

Our Promise

At Guardian, you'll have the support and flexibility to achieve your professional and personal goals. Through skill-building, leadership development and philanthropic opportunities, we provide opportunities to build communities and grow your career, surrounded by diverse colleagues with high ethical standards.

Inspire Well-Being

As part of Guardian's Purpose – to inspire well-being – we are committed to offering contemporary, supportive, flexible, and inclusive benefits and resources to our colleagues. Explore our company benefits at Benefits apply to full-time eligible employees. Interns are not eligible for most Company benefits.

Equal Employment Opportunity

Guardian is an equal opportunity employer. All qualified applicants will be considered for employment without regard to age, race, color, creed, religion, sex, affectional or sexual orientation, national origin, ancestry, marital status, disability, military or veteran status, or any other classification protected by applicable law.

Accommodations

Guardian is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. Guardian also provides reasonable accommodations to qualified job applicants (and employees) to accommodate the individual's known limitations related to pregnancy, childbirth, or related medical conditions, unless doing so would create an undue hardship. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact View email address on click.appcast.io. Please note: this resource is for accommodation requests only. For all other inquires related to your application and careers at Guardian, refer to the Guardian Careers site.

Visa Sponsorship

Guardian is not currently or in the foreseeable future sponsoring employment visas. In order to be a successful applicant. you must be legally authorized to work in the United States, without the need for employer sponsorship.

Notice Regarding Guardian's Use of Artificial Intelligence in Recruitment

As part of Guardian's job application process, Guardian may use artificial intelligence tools ("AI Tools") to automate the sorting and filtering of information provided by applicants as part of its preliminary screening. This preliminary screening may be used to help identify applicant materials and resumes relative to their indication that the applicant meets the requirements for the specific job for which they are applying, as specified in the listing posted on Guardian's jobs website (Careers at Guardian at At Guardian, we do not use AI Tools to substantially assist or replace human judgment or discretionary decision making in our hiring process. All hiring decisions will be made by Guardian colleagues.

Please be aware that if you apply for