Senior Cyber and Technology Risk Analyst

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Management, Business or related field or equivalent combination of education and work experience.
• 5+ years of similar or related experience in first or second-line of defense cybersecurity, technology, or data risk management and/or IT audit or related consulting or professional services.
• Experience in leading the evaluation of security and technology controls against cyber, technology, and privacy regulations, standards and frameworks (e.g., FFIEC, ISO 27001, NIST CSF, NIST AI RMF, COBIT, SOC2, PCI, ITIL, DORA, FAIR, etc.).
• Experience leading the development and documentation of IT processes and controls.
• Advanced understanding of the purpose, application, and integration of enterprise‑wide cybersecurity and technology risk concepts.
• Demonstrated ability to analyze technology and security risk solutions, independently scope and execute risk assessments, and assess complex risk scenarios across domains such as vulnerability management, resilience, SDLC, infrastructure, cloud, data governance, and AI governance.
• Strong working knowledge and applied experience with cyber, technology, and privacy regulations, standards, and frameworks (e.g., FFIEC, ISO 27001, NIST CSF, NIST AI RMF, COBIT, SOC 2, PCI, CCPA, ITIL, DORA, FAIR). Applies subject-matter expertise to interpret regulatory intent, assess applicability, identify gaps, and translate requirements into practical expectations for first line teams.
• Proven ability to independently manage and prioritize work in a fast‑paced environment with competing demands. Demonstrates sound judgment when navigating ambiguity, balancing risk, regulatory expectations, and business objectives, and proactively identifying when to escalate or recalibrate priorities.
• Excellent written and verbal communication skills, with demonstrated experience drafting and reviewing policies, standards, procedures, control documentation, and risk assessments. Ability to clearly articulate risk, control gaps, and recommendations to technical teams, business partners, and senior management in a concise, actionable manner.
• Demonstrated initiative and continuous learning mindset, with the ability to apply new knowledge, emerging risks, and evolving best practices to improve program maturity. Willingness to take on stretch assignments and lead problem‑solving efforts for complex or novel risk topics relevant to MACU.
• Strong collaborative problem‑solving and stakeholder engagement skills. Demonstrated ability to gather and synthesize information from diverse sources, exercise independent judgment, and support and drive resolution of issues through influence rather than authority, while maintaining a strong customer‑service orientation.
• Consistently strong contributor to team effectiveness and quality outcomes. Understands how individual work connects to broader enterprise risk objectives and strategic priorities. Provides informal mentorship, peer review, and knowledge sharing to elevate overall team capability and consistency.
• Proficient in Microsoft Office tools, including Copilot, with the ability to leverage technology to improve analysis, documentation quality, efficiency, and reporting.
• Ability to sit, talk and hear consistently
• Close vision (clear vision at 20 inches or less)
• Distance vision (clear vision at 20 feet or more)
• Color vision (ability to identify and distinguish colors)
• Ability to lift up to 10 pounds frequently and up to 25 pounds occasionally

Nice To Haves

• Advanced degree or equivalent work experience preferred.
• Experience with Archer or other GRC automation tools preferred.
• Experience working in banking, financial services, or other regulated environment preferred.
• Working knowledge of major regulatory/legal frameworks (US/international) driving requirements across technology organizations preferred.
• Working knowledge of risk/control issues in relation to evolving technology (e.g., blockchain, AI/Machine Learning, cloud, quantum computing, etc.) preferred.
• Certification from recognized security, technology, or risk management body (e.g., CISSP,CEH, CISA/CISM, CRISC, GIAC, FAIR, etc.) is preferred.

Responsibilities

• Contribute to strategic direction and participate in the execution of roadmap to enhance MACU’s cybersecurity and technology risk management capabilities. Help shape priorities, sequencing, and success measures for assigned program areas.
• Actively assist leadership in developing project plans, roadmaps and status reporting for risk assessments, control testing, standards and training documentation, and other risk management activities.
• Develop and implement testing approaches and strategies to assess the design and operating effectiveness of controls.
• Lead the design, conduct, and document tests of controls, process walkthroughs, and risk assessments to evaluate design and effectiveness.
• Intake, triage, analyze, and rate (inherent/residual) cybersecurity and technology risks in collaboration with subject matter experts and risk owners. Facilitate alignment and drive completion of risk treatment decisions. Coordinate and perform continuous monitoring of risk treatment activities.
• Assess risk and control gaps of IT systems, processes, and procedures. Ensure control gaps and other risk issues are documented and reported. Review remediation plans and provide feedback to ensure plans are sufficient to ensure sustainable remediation. Monitor remediation progress, identify blockers, and escalate concerns when risk reduction is not on track.
• Evaluate and provide guidance to first line of defense Cybersecurity and Technology teams related to their standards, processes, controls, and risk exceptions.
• Research, understand, and interpret regulations and frameworks that relate to cybersecurity, technology, privacy, and data. Stay aware of changes and educate key stakeholders regarding changes to existing and new regulations and recommended response considerations for MACU. Work closely with the risk owners and Legal, Risk Management, and Compliance teams to ensure compliance with applicable laws and regulations.
• Develop and maintain procedures and training related to risk frameworks, standards, and roles and responsibilities for first line Cybersecurity and Technology teams to ensure effective identification of risks, implementation of controls, monitoring of controls, and reporting on the control environment and any corresponding issues or risks. Improve adoption by translating expectations into actionable guidance and job aids.
• Actively identify and lead implementation of process improvements and efficiencies.
• Support regular and ad-hoc reporting on findings, metrics, and recommend mitigations to first and second line of defense leadership. This includes ad-hoc and scheduled meetings with leadership and risk owners. Coordinate and oversee third-party independent risks assessments as necessary to improve the IT risk program and control environment. Define scope, evaluate outputs, and ensure recommendations are actionable.
• Review and provide guidance and quality control for technology and security related Key Risk Indicators (KRIs). Improve the reliability, definition, and thresholds so KRIs drive decisions and action.
• Lead special projects and perform other duties as assigned.