The purpose of the Cyber Senior Analyst – Enterprise Risk & Effectiveness position is to support the Enterprise Cybersecurity Risk and Effectiveness programs. This individual must demonstrate ability to break down complex problems, analyze data, identify patterns, and use logical reasoning to propose, develop and implement solutions. This individual will assist in the development of the Cybersecurity Risk Program as well as lead the development and maintenance of subcomponents of the program. This person must be confident, independent, detail oriented. The incumbent will engage with members of the operations and leadership teams across Cybersecurity and will be responsible for aggregating all cyber risk, communicating enterprise cyber risk and supporting operational effectiveness of the GRC team. The Cyber Senior Analyst, Cyber Enterprise Risk position will report to the System Manager, Policy & Assurance, Audit, Risk, and Effectiveness as part of the IT Audit, Risk, & Effectiveness team supporting the Cybersecurity Risk Management & Effectiveness programs for the greater CommonSpirit organization. Conduct detailed data and risk analysis to identify key trends and provide actionable insights for leadership to help inform cybersecurity strategy, process maturity, and planned remediation. Support the management of the Cybersecurity Enterprise Risk program lifecycle, including enhancing and developing documentation, analysis, risk calculation, program enhancements, and reporting of Cybersecurity enterprise risk program. Collect and analyze scope of relevant projects, risk treatment data, or other cyber data to assess impact to overall cyber risk and organize meaningful information and present information and data in various risk models. Perform intermediate to complex qualitative and quantitative risk analysis in support of risk aggregation and Cybersecurity enterprise risk management activities. Provide input into strategy development and enhancements for the broader Cybersecurity enterprise risk program. Manage and lead quarterly Tier 3 Risk Council and threat intelligence input sessions with stakeholders and leadership across Cyber and IT. Prepare and deliver recurring quarterly cybersecurity enterprise risk reporting on an agreed upon schedule. Assist in development of quarterly risk reporting for the Audit and Compliance Committee of the Board and other leadership reporting as needed in support of the Cybersecurity enterprise risk program. Perform data analysis using spreadsheet functionality (i.e. Excel, Google Sheets), including building formulas, use of pivot tables, charts, graphs, and other basic tools for data analysis and data visualization required. Perform basic to complex organizational effectiveness tasks and financial data analysis across Governance, Risk and Compliance to support GRC Budget management, support team collaboration, facilitate GRC contract management and renewals such as tracking and monitoring Contract spend, invoices, & renewals Training and Travel requests and approvals Support maintenance of GRC Intranet google site, google groups, and shared drives Demonstrate strong knowledge of cybersecurity related control frameworks. Apply a foundational understanding of HIPAA, NIST 2.0, CIS 18, and standard cybersecurity principles. Able to understand, document and make recommendations for process improvements to peers and managers. Collaborates with internal and external stakeholders including Manager level and above across the organization. Perform industry research as needed. Perform other job duties as required. The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.