Senior Consultant - Enterprise Risk Management Analyst

About The Position

Requirements

• 6–8 years of experience in cybersecurity risk management, including leadership of cross-functional initiatives
• Demonstrated success designing and implementing enterprise-level risk methodologies across multiple domains
• Experience managing external audit engagements and serving as a primary liaison with auditors and risk stakeholders
• Proven ability to align risk operations with strategic business objectives through structured planning
• Bachelor’s or Master’s degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or a related field (or equivalent experience)
• Strong expertise in industry-standard cybersecurity frameworks (e.g., NIST CSF, ISO 27001, NIST RMF, CIS Controls, SOC 2, PCI DSS)
• Deep understanding of enterprise risk architecture and integrated control frameworks
• Experience developing operational standards and optimizing workflows for risk management
• Advanced capabilities in methodology development and enterprise framework design
• Excellent stakeholder management and executive communication skills
• Strong facilitation skills with the ability to drive alignment on complex risk topics
• Ability to operate autonomously, remove bottlenecks, anticipate trade-offs, and deliver measurable business outcomes

Responsibilities

• Design and implement enterprise-wide cybersecurity risk assessment methodologies that align with business objectives and regulatory requirements
• Develop operational standards, quality criteria, and workflows to ensure consistency, efficiency, and audit traceability across risk management processes
• Integrate controls across multiple technology and business domains to provide comprehensive risk coverage
• Lead and manage third-party risk assessments, including vendor security evaluations and external audit engagements
• Serve as primary liaison with external auditors and key risk stakeholders, representing the organization’s cybersecurity risk posture and remediation strategies
• Make informed commitments within enterprise governance frameworks related to audits, third-party assessments, and GRC platform initiatives
• Align risk management initiatives with medium-term strategic planning (6–18 months) to support business growth and regulatory expectations
• Facilitate senior leadership workshops on complex risk topics, driving consensus on risk tolerance and treatment strategies
• Coordinate cross-functional risk initiatives across Security, IT, Legal, and Business teams
• Contribute to the evolution of the Enterprise Risk Management roadmap by developing scalable, reusable solutions that enhance program maturity and efficiency
• Educate stakeholders on emerging cybersecurity risks, regulatory requirements, and risk-by-design principles

Benefits

• Medical, Dental, Vision plans
• 401K with matching
• PTO for salaried employees
• Work/life balance – we know there’s more to life than work! We encourage our team to pursue other passions, get outside, and spend time with family. We work with clients and consultants to set expectations for a manageable workload.