IT Risk Management Senior Analyst
About The Position
We are seeking an IT Risk Management Senior Analyst to help design, implement, and mature our enterprise cybersecurity and technology risk program. This role is ideal for a risk professional who has built risk programs—not just operated them—and who can translate complex technical risks into clear, prioritized, and measurable risk decisions for leaders. You will lead the development of our risk tolerance and thresholds, establish and manage a central risk register, and build a repeatable risk management lifecycle and supporting processes. You will partner across Cybersecurity, Physical Security, IT, Privacy, and business teams to ensure risks are identified, assessed, tracked, mitigated, and reported with consistency and transparency. This position is based in Northville, Michigan and reports directly to the Senior IT Governance Manager of the company.
Requirements
- 5–8+ years of experience in cybersecurity risk management, technology risk, GRC, or operational risk.
- Demonstrated experience setting risk tolerance and thresholds and translating them into practical decision rules.
- Proven track record of building and operating a risk register.
- Experience creating or maturing a risk management lifecycle and supporting processes
- Strong understanding of cybersecurity concepts (controls, threats, vulnerabilities, cloud risk, identity, incident risk, third-party risk).
- Excellent written and verbal communication: ability to deliver clear, executive-ready risk narratives and recommendations.
- Experience with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate, MetricStream) or comparable workflow systems.
- Excellent communication, organization time management and problem-solving skills
- Exceptional track record of building relationships with stakeholders
- Strong multi-tasking skills with the ability to manage multiple projects
- Ability to function as a Team Player and maintain a good working relationship, yet think and act independently with professionalism, discretion and confidentiality
- Excellent communication, organization time management and problem-solving skills
Responsibilities
- Risk Governance
- Define and operationalize risk tolerance and risk thresholds in partnership with leadership and stakeholders.
- Develop and maintain a risk taxonomy, risk scoring methodology, and risk rating guidance to support consistent assessments.
- Create and mature the risk management lifecycle including decision criteria, artifacts, roles, and accountability.
- Risk Register Management
- Establish a scalable security/technology risk register.
- Implement workflows for intake, review, approval, and periodic reassessment.
- Ensure risks are measurable, comparable, and traceable through evidence and documentation.
- Risk Assessment & Treatment
- Partner closely with the IT Compliance team to document risk treatment plans: mitigation, acceptance, transfer, or avoidance; ensure alignment with risk thresholds.
- Develop and manage the process for risk acceptance and exception handling, including decision criteria, approvals, and expiration/renewal.
- Reporting, Metrics & Executive Communication
- Build risk reporting and dashboards that clearly communicate:
- Risk posture against thresholds
- Top risks and trends
- Treatment progress and overdue actions
- Prepare risk summaries for leadership forums
- Process Development & Continuous Improvement
- Create and maintain risk management playbooks, templates, standards, and procedures
- Identify opportunities to streamline risk operations through tooling and automation (GRC platforms, workflow automation, integrations).
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
