Operational Cyber Risk Sr Analyst

About The Position

Requirements

• 8+ years of experience in cybersecurity, security awareness, cyber or operational risk management, or related disciplines
• 3+ years of experience implementing, operating, and tracking security awareness or human risk management solutions
• Experience owning enterprise-level risk programs within an ORM or ERM operating model
• Strong understanding of human-driven cyber risk, policy compliance, and control effectiveness
• Hands-on experience working with databases, analytics, or reporting solutions, including queries, dashboards, or automated reporting
• Proven ability to translate behavioral and cyber risk into executive-level, business-focused risk insights
• Strong project management, analytical, and stakeholder engagement skills
• Experience with security awareness tools and applications, as well as governance, risk, and compliance processes and supporting platforms (e.g., KnowBe4, ServiceNow, Archer, Jira)

Responsibilities

• Own and manage the enterprise security awareness and human‑centric cyber risk program within the broader ORM/ERM framework
• Define strategy, roadmap, execution approach, and success criteria for managing human‑driven cyber risk
• Oversee security awareness activities from a risk management perspective, including user behavior, policy compliance, and related controls
• Assess and respond to evolving threat conditions that impact human risk, including social engineering, fraud, AI‑enabled attacks, and process or control failures
• Leverage databases, analytics platforms, and scripting or query languages to aggregate, normalize, and analyze awareness, behavioral risk, compliance, and remediation data
• Define and maintain enterprise risk metrics, indicators, and KPIs measuring awareness effectiveness, behavioral risk exposure, policy compliance, and control performance
• Develop automated dashboards and executive‑level reporting that communicate human‑centric cyber risk posture, trends, and mitigation effectiveness
• Partner with Risk Management, Compliance, IT, Security, HR, Audit, and Communications teams to embed awareness and policy adherence into enterprise risk processes, policies, and business workflows
• Maintain centralized tracking of awareness‑related issues, remediation actions, and risk treatment outcomes to support traceability and accountability
• Validate remediation closure through evidence review and data analysis related to user behavior, training completion, and policy compliance
• Prioritize issues based on risk severity, likelihood, business impact, and recurrence
• Identify recurring themes or systemic human risk patterns to inform targeted awareness campaigns, policy updates, and control enhancements
• Align security awareness outcomes, behavioral risk indicators, and compliance metrics with enterprise risk management frameworks and reporting structures
• Support Lines of Defense clarity by distinguishing first-line ownership, second-line oversight, and assurance activities related to human-centric cyber risk
• Contribute to RCSA activities, including risk identification, control mapping, control effectiveness assessments, and documentation related to security awareness and policy compliance
• Partner with Operational Risk, Compliance, and Audit teams to support transparency, defensibility, and audit readiness
• Provide subject-matter expertise on human-centric cyber risk, awareness effectiveness, and policy adherence to risk committees and governance forums

Benefits

• health insurance coverage
• wellness program
• fertility and family building aids
• life and disability insurance
• retirement savings plans with a generous 401K match
• paid leave programs
• paid holidays
• paid time off (PTO)