Cyber Risk Analyst

Acadia Pharmaceuticals, San Diego, CA
3d, Hybrid

About The Position

The Cyber Risk Analyst will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and cyber risk management program. The Cyber Risk Analyst will be an active member of any risk management committees. This position will have ownership of the cyber Third Party Risk Management (TPRM) program.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or a related field.
  • Targeting 3 years of progressively responsible experience in cyber risk, information security, or IT audit.
  • Proven ability to conduct risk assessments and audits of IT systems, applications, and third-party vendors.
  • Strong understanding of regulatory frameworks and standards including NIST, ISO 27001, SOX, GDPR, NIS 2 Directive, and FAIR.
  • Skilled in developing and maintaining risk registers, mitigation plans, and incident response strategies.
  • Proficient in GRC platforms such as OneTrust, with experience in tool configuration and workflow optimization.
  • Strong analytical, organizational, and communication skills.
  • Skills to translate technical risk findings into actionable insights for senior leadership and non-technical stakeholders.
  • Ability to manage multiple priorities and work cross-functionally in a fast-paced environment.
  • Must be able and willing to travel on occasion.

Nice To Haves

  • Advanced certifications (CISM/CRISC/CISA/FAIR/CISSP) strongly preferred.
  • An equivalent combination of relevant education and experience may be considered.

Responsibilities

  • Conduct risk assessments and audits of IT systems, applications, and third-party vendors.
  • Perform contract reviews with a focus on cybersecurity terms and third-party risk implications.
  • Develop and maintain risk registers, mitigation plans, and incident response strategies.
  • Perform and maintain Business Impact Analysis (BIA) of key systems and vendors.
  • Maintain the Business Continuity and Disaster Recovery Plan (BCDRP).
  • Collaborate with stakeholders across Legal/Compliance/Privacy, Procurement, IT, and various business units to implement security controls and improve overall risk posture.
  • Maintain and enhance Governance, Risk, and Compliance (GRC) tools, such as OneTrust.
  • Align cyber risk activities with relevant regulatory requirements (CCPA, U.S. SEC, GDPR, NIS 2 Directive, etc.).
  • Support SOX and ITGC compliance efforts, including audit preparation, evidence collection, and control testing.
  • Contribute to the development and maintenance of security policies, procedures, and training programs.
  • Prepare risk reports for senior leadership and non-technical stakeholders, translating technical findings into business-relevant insights.
  • Ensure that all actions taken on Acadia’s behalf, both internally and externally, comply with all laws, regulations, and policies and demonstrate Acadia values.
  • Other responsibilities as assigned.