Cybersecurity Analyst

About The Position

Requirements

• 3+ years of experience in cybersecurity, with exposure to both security awareness and GRC functions
• Demonstrated experience running security awareness programs and phishing simulations
• Familiarity with user access, service accounts and non-human identities review processes and identity/access governance concepts
• Experience completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)
• Strong understanding of cybersecurity principles, threats, and human risk factors
• Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences
• Experience with security awareness platforms, phishing simulation tools, and GRC systems
• Understanding of Identity and Access Management (IAM), including authentication, authorization, and governance
• Knowledge of Privileged Access Management (PAM) and least privileged principles
• Familiarity with automation and scripting to support security and risk processes
• Working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls

Nice To Haves

• Drives behavior changes through effective, targeted communication
• Applies a pragmatic approach to prioritize and manage cyber risk
• Leverages data and metrics to inform decisions and improve programs
• Partners effectively across global, cross-functional teams
• Simplifies complex cybersecurity concepts for diverse audiences

Responsibilities

• Deliver and continuously enhance security awareness programs, including quarterly, threat-informed campaigns
• Execute phishing simulations, including scenario design, targeting, and performance analysis
• Support Cybersecurity Awareness Month and other enterprise-wide engagement initiatives
• Maintain internal cybersecurity resources to promote accessible guidance and best practices
• Contribute to external cyber trust centers/client assurance portals, ensuring accurate and current content
• Monitor and report on human risk metrics, providing actionable insights to stakeholders
• Partner with HR and Internal Communications to strengthen security culture and drive behavior change
• Support user access reviews (UARs), service accounts and non-human identities review ensuring coordination, completion tracking, and audit readiness
• Respond to client due diligence questionnaires (DDQs) on cybersecurity practices
• Support audit activities, including evidence collection and remediation tracking
• Support policy exceptions and technology risk issue tracking and remediation
• Partner with IT, Risk, Legal, and Business teams to align security initiatives
• Support client-facing teams with cybersecurity communications and inquiries

Benefits

• annual performance bonus
• healthcare
• retirement
• vacation
• wellbeing programs