Principal IT Risk Management Analyst

Strayer Education, Inc.

21h

About The Position

At Strategic Education Inc., our mission is to enable economic mobility through education. Through a portfolio of institutions and learning solutions, we focus on serving working adult learners by improving college affordability, enhancing student engagement, and strengthening workforce readiness so our graduates are equipped with the skills needed to succeed in today’s jobs. This mission guides how we operate as an organization, including our approach to enterprise technology and risk management. The Principal IT Risk Management Analyst is a senior‑level role responsible for leading and overseeing comprehensive IT risk management efforts across the organization. This position provides strategic guidance on identifying and assessing complex technology risks and on the development and implementation of effective risk management strategies. The Principal IT Risk Management Analyst partners closely with cross‑functional stakeholders to promote the security, compliance, and resilience of the organization’s IT systems, infrastructure, and processes.

Requirements

Proven leadership skills with the ability to guide cross-functional teams and provide strategic direction.
Strong analytical and problem-solving capabilities to assess complex risk scenarios and recommend effective mitigation strategies.
Ability to write and manage policies
Excellent communication and presentation skills to convey technical information to various stakeholders.
Familiarity with security technologies, security frameworks, tools, and industry best practices.
Project management skills to drive risk management initiatives and improvements.
Ability to adapt to evolving technologies and risks in the IT landscape.
5+ years of experience in a Senior Analyst role or Similar
5+ yrs of experience in IT risk management, with a strong understanding of risk assessment methodologies, frameworks, and regulatory requirements.
5+ yrs experience with Third Party Risk Management.
3+ yrs experience with Artificial Intelligence, Cloud Platforms, and DevSecOps.
3+ with incident response, crisis management, and business continuity planning.
Bachelor's degree in Information Technology, Cybersecurity, IT Risk Management, Business, or a related field
Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) or Project Management Professional are required.
Must be able to travel occasionally should a business need arise.
Ability to work onsite in Corporate or Campus location (in a typical office environment) may be required based on role.
If offsite or hybrid role, must have access to work in setting which enables meeting all requirements of the role (including privacy, reliable internet access, phone, ability to video conference, etc.) at a remote location.
This role may require lifting, however reasonable accommodations will be provided in accordance with our ADA policies.
Must be able to meet critical thinking and problem solving aspects aligned to job duties, as well0 as effectively communicating with co-workers.
Must be able to work more than 40 hours per week when business needs warrant.
Able to access information using a computer.

Nice To Haves

Master's preferred

Responsibilities

Provide thought leadership and strategic direction in IT risk management, aligning efforts with the organization's goals and risk tolerance.
Collaborate with executive leadership to define risk management strategies and objectives.
Identify and assess high-impact IT risks, including emerging cybersecurity threats, regulatory compliance gaps, and operational vulnerabilities.
Analyze complex risk scenarios, evaluating potential business impacts and likelihoods.
Develop and execute comprehensive risk mitigation strategies, ensuring the effective implementation of controls, processes, and frameworks.
Lead the design of risk management initiatives that align with industry best practices and standards.
Work closely with IT, cybersecurity, legal, compliance, and business units to integrate risk management principles into day-to-day operations.
Facilitate communication and collaboration among teams to ensure a unified approach to risk management.
Monitor and interpret relevant IT regulations, standards, and frameworks (e.g., GDPR, FERPA, NIST, ISO 27001, CIS 8) to ensure compliance.
Advise on risk management strategies that address compliance requirements.
Prepare and deliver clear and concise risk reports for executive management and relevant stakeholders.
Communicate complex technical concepts and risk scenarios in a manner understandable by non-technical audiences.
Provide leadership during IT security incidents, guiding incident response teams to minimize impact and ensure effective recovery.
Review and enhance incident response plans to reflect lessons learned and emerging threats.
Identify opportunities to enhance risk assessment methodologies, tools, and processes based on evolving threats and industry trends.
Drive continuous improvement initiatives across the risk management function.
Provide mentorship and guidance to junior members of the risk management team, fostering professional growth and skill development.