Cyber Risk Analyst

About The Position

Requirements

• Bachelor’s degree in computer sciences, Information Security, Information Systems, Engineering, Sciences or relevant professional experience.
• 5+ years of hands-on experience in vulnerability management, cyber risk, or related roles within enterprise IT environments.
• Proficiency with vulnerability scanning and security testing tools (e.g., Tenable, Qualys, Rapid7, Falcon Spotlight, AppScan) and using results to improve security operations.
• Experience across infrastructure systems, endpoints, network devices, and cloud platforms (AWS, Azure, Microsoft 365/O365).
• Ability to interpret, prioritize, and report technical risk from vulnerability data using analytics and data visualization tools (e.g., Power BI, Tableau).
• Working knowledge and practical application of security frameworks and compliance requirements (e.g., NIST, PCI-DSS, HIPAA, ISO 27001).
• Experience coordinating remediation across technical and business teams, managing SLAs, and improving remediation processes.
• Understanding of vulnerability assessments, security policy development, enterprise security strategy, architecture concepts, and governance practices.
• Broad understanding of security technologies, core security principles, control frameworks, and risk considerations for both on-prem and cloud solutions; familiarity with threat modeling concepts.
• Ability to research vulnerabilities and exploit techniques and translate findings into operational improvements.
• Hands-on capability to troubleshoot complex issues and implement solutions in enterprise environments.
• Strong project management skills with ability to manage multiple priorities in fast-paced operational environments.
• Strong written/verbal communication skills; ability to present clearly, negotiate effectively, and influence stakeholders across levels; able to work independently and in teams.
• High standards of ethics, professionalism, and integrity.
• Ability to articulate business-focused security outcomes that guide service direction and improve security posture.

Nice To Haves

• Experience in regulated industries (e.g., pharmaceuticals) is desirable.

Responsibilities

• Own the enterprise cybersecurity risk register, taxonomy, and exception workflows with clear escalation thresholds.
• Define and track KRIs/KPIs (e.g., residual risk, SLA compliance, control effectiveness); deliver executive dashboards and briefings.
• Ensure asset and telemetry data quality and coverage; standardize with a Common Information Model (CIM).
• Drive prioritized remediation roadmaps; enforce SLAs with automated reminders and escalations; verify fixes via retest.
• Integrate post-incident lessons into the risk register and backlog; validate controls through purple-team exercises.
• Include third‑party/vendor and application security findings for a holistic enterprise risk view.
• Map risks to policies and regulatory frameworks (NIST, ISO 27001, PCI-DSS, HIPAA); support audits and evidence collection.
• Continuously improve VM processes, tooling, and control designs; measure the efficacy of controls and exceptions.
• Be hands-on: query/validate data, build metrics/dashboards, and translate technical issues into clear risk treatment plans.
• Engage stakeholders to drive decisions and timelines; tie outcomes to OKRs focused on risk reduction and faster decision cycles.

Benefits

• competitive healthcare and retirement savings benefits
• an array of benefits, policies and programs to support employee well-being in every sense, from health and financial wellness to family and lifestyle resources.