IT Governance and Risk Analyst

About The Position

Requirements

• A Bachelors level degree in IT / IS / Cybersecurity or equivalent level of relevant industry experience.
• At least 5 or more years of demonstrable relevant experience in the industry, specifically in the cybersecurity space.
• Core skills must include risk assessment, analytical thinking, communication, and strong knowledge of cybersecurity frameworks, regulatory obligations, and evolving threat landscapes.
• Ability to analyze situations accurately and make informed, productive decisions using appropriate tools and judgment.
• Skilled in simplifying and summarizing complex technical information using clear, audience appropriate communication techniques.
• Able to recognize, anticipate, and resolve organizational or operational issues using structured problem solving methods.
• Knowledge of effective planning, organizing, monitoring, and resource coordination to achieve project objectives.
• Ability to apply technology knowledge to develop solutions for significant technical challenges.
• Understands compliance processes and standards; enhances internal controls as requirements evolve.
• Aligns cybersecurity programs and standards with regulations, business context, and threat landscapes.
• Applies security policies, standards, and procedures to ensure compliance.
• Uses mathematical and statistical tools to perform accurate analysis and measurement.

Nice To Haves

• OpenFAIR, CCSK, CISSP, CISM, or equivalent are highly desirable.

Responsibilities

• Monitor and improve IT risk processes, tools, and documentation
• Update risk scenarios, benchmarks, and mitigation strategies
• Maintain the Information Security Management System (ISMS)
• Advise on balancing security controls with business impact
• Conduct cybersecurity risk assessments and identify control gaps
• Document results, prepare management reports, and drive remediation
• Support and train teams on RCSA standards and methodologies
• Develop and maintain data, process, and event based risk models
• Quantify risk, validate models, and communicate findings to stakeholders
• Gather, analyze, and document cybersecurity risk data
• Maintain the risk register and data libraries
• Partner cross functionally to implement risk mitigation
• Stay current on cyber threats, regulations, and industry best practices

Benefits

• Competitive Base Salary
• Paid Overtime
• Regional Bonus (when applicable)
• Industry-leading Benefit Plans (Medical, Dental, Vision, Rx)
• Paid time off, including vacation, holidays, shutdown
• Company Paid Short-Term and Long-Term Disability
• 401(K) Plan with company match + additional contribution
• Advancement Opportunities
• Career Mobility
• Education Reimbursement for Continued Learning
• Training and Development programs
• Tuition Assistance & Student Loan Repayment
• Lifestyle Account
• Childcare Reimbursement Account
• Elder Care Support
• Wellbeing Program
• Community Service and Engagement Programs
• Product Programs