Senior Analyst – Cyber Risk & Control Monitoring

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
• 5+ years of experience in information security, technology risk, control testing/assurance, audit, or GRC
• Hands-on experience coordinating audits/assessments (internal audit, external audit, or customer assurance), including evidence collection and narrative responses
• Experience managing risk/issue registers and driving remediation tracking (owners, due dates, evidence of closure, and risk acceptance)
• Strong written and verbal communication skills, including the ability to produce executive-ready summaries and action-oriented reporting
• Must be legally authorized to work in the United States, without the need for employer sponsorship.

Nice To Haves

• Experience designing and executing control tests (design and operating effectiveness) and documenting test procedures/results
• Strong understanding of control frameworks and regulatory expectations (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS, etc.)
• Experience building dashboards/metrics and presenting control health trends, key risks, and recommended actions
• Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines)
• Familiarity with CCM/monitoring tooling and data sources
• Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one

Responsibilities

• Contribute to the implementation and day-to-day operation of the continuous control monitoring (CCM) program, including control scope, design, improvement, and monitoring cadence, thresholds, and escalation paths
• Monitor control health metrics and risk indicators (KPIs/KRIs) to proactively detect control degradation and configuration drift
• Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions
• Leverage automation and tooling to enhance near-real-time visibility into control health (automated evidence collection, alerting, dashboards, and repeatable test scripts/queries)
• Maintain a control inventory and control-to-evidence mapping aligned to internal policy and external frameworks; ensure controls have clear owners, descriptions, and measurable success criteria
• Develop and maintain control test procedures (what is tested, data sources, sampling/coverage, frequency, and pass/fail criteria) and ensure results are reproducible and audit-ready
• Validate data quality (completeness, timeliness, and accuracy) for CCM feeds and document assumptions, limitations, and compensating checks
• Serve as liaison for internal audit, external audit, and third-party assessments
• Coordinate audit requests, evidence collection, and stakeholder responses across teams
• Ensure consistency, quality, and timeliness of audit deliverables
• Track audit and assessment findings, ensuring appropriate documentation and closure
• Contribute to governance forums by providing insights on risk posture and control maturity
• Partner with Security Engineering & Operations, Enterprise Risk Management, Internal Audit, Privacy & Legal

Benefits

• Support and flexibility to achieve professional and personal goals
• Skill-building
• Leadership development
• Philanthropic opportunities
• Opportunities to build communities and grow your career
• Diverse colleagues with high ethical standards
• Contemporary, supportive, flexible, and inclusive benefits and resources