Cyber Risk Analyst
New York City | Technology, Data & Innovation
Cyber Risk Analyst
The Office of Technology and Innovation (OTI) leverages technology to drive opportunity, improve public safety, and help government run better across New York City. From delivering affordable broadband to protecting against cybersecurity threats and building digital government services, OTI is at the forefront of how the City delivers for New Yorkers in the 21st century. At OTI, we offer great benefits, and the chance to work on projects that have a meaningful impact on millions of people. You'll have the opportunity to work with cutting-edge technology and collaborate with other passionate professionals who share your drive and commitment to making a difference through technology.
About Cyber Command Cyber Command is charged with protecting all City systems against cyber threats, including systems that deliver vital services to New Yorkers. Headed by the Chief Information Security Officer of the City of New York, we provide in-depth support to over 100 agencies and offices to protect, detect, identify, respond to, and recover from cyber threats.
About This Role The Cyber Risk Analyst will serve in the Cyber Command Risk Program under the direction of the Senior Advisor. They will help shape Cyber Command's approach to risk management, build new risk frameworks and processes, and assess and monitor NYC agencies' cybersecurity risks. Responsibilities will include:
- Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;
- Manage projects, pushing through ambiguity and challenges which may arise;
- Work with stakeholders across various divisions, soliciting input and working through feedback;
- Review and analyze various cybersecurity risk cases, justifications, and exceptions documents submitted by agencies;
- Assist in developing cybersecurity risk assessment procedures and control testing methodologies based on established frameworks and guidelines;
- Assess NYC agencies' documented information security and technology policies, procedures, and practices.
- Draft risk cases accompanied by working papers, concise controls assessments, and systems testing reports;
- Present risk findings to senior leadership;
- Engage in communications with NYC agencies to assist them in successfully managing risk;
- Handle special projects and initiatives as assigned.
HOURS/SHIFT Day - Due to the necessary technical duties of this position in a 24/7 operation, candidate may be required to work various shifts such as weekends and/or nights/evenings. WORK LOCATION Brooklyn, NY
TO APPLY * Interested applicants with other civil service titles who meet the preferred requirements should also submit a resume for consideration Please go to and search for Job ID #777247 SUBMISSION OF A RESUME IS NOT A GUARANTEE THAT YOU WILL RECEIVE AN INTERVIEW APPOINTMENTS ARE SUBJECT TO OVERSIGHT APPROVAL OTI participates in E-Verify
Minimum Qualifications
A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or, Education and/or experience which is equivalent to "1" above.
Preferred Skills
The successful candidate should possess the following: - 2-3 years of experience in cybersecurity risk management, IT auditing, or policy - Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS) - Experience performing security controls assessments - Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services - Understanding of commonly used computer operating systems, databases, network structures - Experience managing projects - Being a highly organized, motivated, and self-directed professional - Ability to work effectively in a team environment - Investigative and analytical skills - Excellent oral and written communication skills - Knowledge of the current and evolving cyber threat landscape - Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy One or more of the following certifications is preferred: o CompTIA Security+ o CompTIA Network+ o CompTIA A+ o CompTIA CySA+ o Cisco Certified Network Associate - CCNA o CEH: Certified Ethical Hacker o GIAC Information Security Fundamentals GISF) o GIAC Security Essentials (GSEC) o ISC)2 Systems Security Certified Practitioner (SSCP) o One or more of the following certifications are a plus: o Certified Information Systems Auditor (CISA) o Certified Information Systems Security Professional CISSP) o Certified in Risk and Information Systems Control (CRISC) o Certified Information Security Manager (CISM)
Public Service Loan Forgiveness
As a prospective employee of the City of New York, you may be eligible for federal loan forgiveness programs and state repayment assistance programs. For more information, please visit the U.S. Department of Education's website at
Residency Requirement
New York City Residency is not required for this position
Additional Information
The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.
$100k - $145k
A consulting firm is seeking an Application Vulnerability & Obsolescence Analyst to manage software security for financial clients. The candidate must have at least 3 years of experience in vulnerability management, a Bachelor's degree in IT or Cybersecurity, and familiarity...Suggested$170k - $230k
Job Summary Cyber Security Assurance Analyst - New York Fed - Information Security FunctionThe Cyber Security Assurance (CSA) department assesses risks associated with third‑party vendors, systems, software, IoT devices, industrial control systems, and cloud infrastructure...Suggested- ...Department: Enabling : IT Employment Type: Permanent - Full Time Location: Flexible Description The Cyber Risk & Compliance Analyst supports the cybersecurity function by ensuring accurate, timely, and consistent responses to client-facing compliance requirements and third...SuggestedPermanent employmentFull timeContract workWork at officeFlexible hours
$80k - $100k
Framework Ventures is looking for a Cyber Compliance & Risk Management professional to protect digital assets and enhance organizational resilience. This role involves identifying, assessing, and mitigating cybersecurity risks while ensuring compliance with regulations...Suggested- A cybersecurity consultancy is seeking a Cyber Risk & Compliance Analyst to enhance client trust and ensure compliance with cybersecurity controls. Responsibilities include reviewing RFPs and contracts, managing third-party risk questionnaires, and maintaining up-to-date...SuggestedFull timeFlexible hours
$58.5k - $71.5k
SwiftCruit is looking for a Cyber Security Analyst to assess risks and analyze market trends to protect the organization. The candidate will utilize their knowledge of operational risk and enterprise risk models to develop effective risk management strategies. Qualifications...$170k - $230k
The Federal Reserve Bank of New York is seeking a Cyber Security Assurance Analyst to assess risks related to third-party vendors and cloud infrastructure. This role will involve performing security assessments, managing security testing, and providing guidance throughout...$119k - $140k
...life, CLEAR unlocks the magic of frictionless experiences. As a Cybersecurity Risk Analyst II, you'll help strengthen CLEAR's security posture by identifying, assessing, and reducing cyber risk across our products, technology, and third-party ecosystem. Partnering closely...Full timeCasual workWork at officeFlexible hours- A global consulting firm is seeking an IT Risk & Vulnerability Analyst to ensure software security and compliance for strategic clients. The role involves tracking software versions, collaborating with IT teams, and maintaining accurate reports. Candidates should have...
$100k - $145k
...technology to benefit people and society. Join us and be part of meaningful change! Job Description We are looking for an IT Risk & Vulnerability Analyst to support one of our strategic CIB clients in keeping their software secure and up to date. The ideal candidate has...$70k - $100k
...Join Mizuho as a Risk Tech Analyst! In this role, you will be part of the NPE (New product Enablement) team whose purpose is to support Quants and Risk models validation efforts. The ideal candidate will specifically help generate and assess the calculated data quality...Work at officeLocal areaRemote workWorldwide$60k - $80k
VISTRADA is seeking a remote Cybersecurity Analyst to conduct compliance audits, create policies, and perform penetration testing. The candidate will be responsible for risk management, ensuring cybersecurity practices and tools are adopted by clients. This position is...Remote jobFull time$155k - $175k
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! As a Lead Cyber Risk Advisor, you will be a vital member of the Qualys Cyber Risk Experts Service, supporting enterprise customers with risk analysis,...$45.5 per hour
...technical specifications, and ensuring that information systems adhere to business needs. A strong background in assessing security risks and implementing business solutions is essential. Candidates should be organized, analytical, and effective team players. The position...Hourly payFull time- A dynamic consulting firm in the United States seeks a Senior Associate for its Cyber Security & Data Privacy (CSDP) group. This role involves leading client engagements to implement cybersecurity programs and managing daily compliance operations. Ideal candidates will...
$70k - $100k
...Join Mizuho as a Risk Tech Analyst! In this role, you will be part of the NPE (New product Enablement) team whose purpose is to support Quants and Risk models validation efforts. The ideal candidate will specifically help generate and assess the calculated data quality...Work at officeLocal areaRemote work- ...ever forward. Position Summary Analyses risk to business activities and operations. Identifies... ...operations, processes, structures, and cyber‑risk exposure and quantifies impact.... ...Knowledge One to five years of experience as an analyst in a similar company or related field...Local area
- ...We partnered with a commercial bank is hiring an Enterprise Risk Analyst to support its Enterprise Risk Management (ERM) function. This role provides broad exposure across enterprise risk governance, risk reporting, and operational risk activities, with visibility to...
$65k - $85k
## Risk AnalystApplylocations: US NE - Omaha: US NY - New York City: US NY - Albany: US VA - Richmond: US IL - Chicagotime type: Full... ...manage risks with confidence.**Job Description**The Enterprise Risk Analyst supports the development, implementation, and continuous...Work at officeLocal area- ...Brooklyn, United States | Posted on 12/09/2025 JobTitle: Cyber Command Forensic Analyst Location: Brooklyn, NY 11201 SCOPE OF SERVICES The forensics Analyst will investigate network intrusions and other cyber incidents to determine cause, extent and consequences of the...
$75k - $95k
...Department Profile The cornerstone of Morgan Stanley’s risk management philosophy is the execution of risk-adjusted returns through... ...trading counterparties. Position Summary Morgan Stanley is seeking an Analyst for the Risk Capital group, based in New York. Risk Capital,...Temporary work- ...utility provider in Pennsylvania seeks a GRC Cybersecurity Senior Analyst to ensure compliance with regulatory obligations. This role... ...collaboration with various departments to implement governance and risk management processes. The ideal candidate has a Bachelor’s degree...
- ...Jobot Consulting is seeking an experienced AI Risk & Compliance Analyst to join their Governance, Risk & Compliance team. The ideal candidate will have 5+ years of experience in governance and compliance, along with 2+ years specifically in AI governance. The role involves...
- ...seeks a talented governance professional to enhance its AI governance program based in New York, NY. You will manage AI compliance and risk assessments while collaborating with various teams to ensure the responsible usage of AI capabilities. The ideal candidate will have...
- ...support New York City’s communities. DCWP is seeking to hire a Cyber Security Analyst Level II to join its IT Services Division. Under the... ...above. Preferred Skills Experience in IT audit, enterprise risk management, penetration testing, red team/incident responding...Permanent employmentFull timeWork at office
$102.17k
...Job Description Join the Trinnex Security Team as a Senior Cyber Security Analyst, where you will operate at the intersection of cybersecurity... ...with Mend for software composition analysis (SCA), open‑source risk management, and vulnerability remediation. Experience...H1b$124k - $204.7k
...mission at MSK and around the globe. Exciting Opportunity at MSK: Cyber Security Analyst II Memorial Sloan Kettering (MSK) is a globally recognized... ...Analyst II role focuses on strengthening third‑party risk visibility, enhancing real‑time monitoring capabilities, and...Contract workRemote workMonday to Friday- ...Trinnex is searching for a Senior Cyber Security Analyst to join their Security Team in Jersey City, New Jersey. This role focuses on securing the software development lifecycle for critical systems that support water utilities. You will analyze security threats, manage...
$135k - $140k
...Richemont is seeking a Senior Associate for Cyber Incident Response in New York, NY, responsible for protecting systems and analyzing cybersecurity events. The role involves monitoring network traffic, investigating incidents, and collaborating with IT and security teams...$160k - $258.75k
...NVIDIA is seeking a Cybersecurity Analyst with deep expertise in incident response, forensics investigation, threat hunting, and proactive cyber defense. This role is ideal for a cybersecurity professional passionate about defending enterprise and product environments...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cyber Risk Analyst. Be the first to apply!

