Cyber Risk Analyst

Acadia Pharmaceuticals Inc. | San Diego, CA
1d | $29 - $37 | Hybrid

About The Position

Acadia is committed to turning scientific promise into meaningful innovation that makes the difference for underserved neurological and rare disease communities around the world. Our commercial portfolio includes the first and only FDA-approved treatments for Parkinson’s disease psychosis and Rett syndrome. We are developing the next wave of therapeutic advancements with a robust and diverse pipeline that includes mid- to late-stage programs in Alzheimer’s disease psychosis and Lewy body dementia psychosis, along with earlier-stage programs that address other underserved patient needs. At Acadia, we’re here to be their difference.

Please note that this position can be based in San Diego, CA. Acadia's hybrid model requires this role to work in our office three days per week on average.

The Cyber Risk Analyst will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and cyber risk management program. The Cyber Risk Analyst will be an active member of any risk management committees. This position will have ownership of the cyber Third-Party Risk Management (TPRM) program.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or a related field. Targeting 3 years of progressively responsible experience in cyber risk, information security, or IT audit. An equivalent combination of relevant education and experience may be considered.
  • Proven ability to conduct risk assessments and audits of IT systems, applications, and third-party vendors.
  • Strong understanding of regulatory frameworks and standards including NIST, ISO 27001, SOX, GDPR, NIS 2 Directive, and FAIR.
  • Skilled in developing and maintaining risk registers, mitigation plans, and incident response strategies.
  • Proficient in GRC platforms such as OneTrust, with experience in tool configuration and workflow optimization.
  • Strong analytical, organizational, and communication skills.
  • Skills to translate technical risk findings into actionable insights for senior leadership and non-technical stakeholders.
  • Ability to manage multiple priorities and work cross-functionally in a fast-paced environment.
  • Must be able and willing to travel on occasion.

Nice To Haves

  • Advanced certifications (CISM/CRISC/CISA/FAIR/CISSP) strongly preferred.

Responsibilities

  • Conduct risk assessments and audits of IT systems, applications, and third-party vendors.
  • Perform contract reviews with a focus on cybersecurity terms and third-party risk implications.
  • Develop and maintain risk registers, mitigation plans, and incident response strategies.
  • Perform and maintain Business Impact Analysis (BIA) of key systems and vendors.
  • Maintain the Business Continuity and Disaster Recovery Plan (BCDRP).
  • Collaborate with stakeholders across Legal/Compliance/Privacy, Procurement, IT, and various business units to implement security controls and improve overall risk posture.
  • Maintain and enhance Governance, Risk, and Compliance (GRC) tools, such as OneTrust.
  • Align cyber risk activities with relevant regulatory requirements (CCPA, U.S. SEC, GDPR, NIS 2 Directive, etc.).
  • Support SOX and ITGC compliance efforts, including audit preparation, evidence collection, and control testing.
  • Contribute to the development and maintenance of security policies, procedures, and training programs.
  • Prepare risk reports for senior leadership and non-technical stakeholders, translating technical findings into business-relevant insights.
  • Ensure that all actions taken on Acadia’s behalf, both internally and externally, comply with all laws, regulations, and policies and demonstrate Acadia values.
  • Other responsibilities as assigned.

Benefits

  • Competitive base, bonus, new hire and ongoing equity packages
  • Medical, dental, and vision insurance
  • Employer-paid life, disability, business travel and EAP coverage
  • 401(k) Plan with a fully vested company match 1:1 up to 5%
  • Employee Stock Purchase Plan with a 2-year purchase price lock-in
  • 15+ vacation days
  • 13-15 paid holidays, including office closure between December 24th and January 1st
  • 10 days of paid sick time
  • Paid parental leave benefit
  • Tuition assistance