Senior Cyber Risk Analyst

About The Position

Requirements

• One or more industry-recognized certifications such as CompTIA Security+, CISA, CISM, CISSP, or equivalent
• Hands-on experience with GRC tools (Archer, ServiceNow GRC, Vanta, etc.) and formal risk assessment methodologies
• Strong working knowledge of risk management frameworks (NIST, ISO, and CIS) and regulatory requirements for HIPAA compliance
• Broad security domain expertise, including cloud environments, SDLC, application security, data protection and enterprise architecture.
• 5+ years of experience in cyber risk management, control assurance, or information security governance
• Bachelor's degree or equivalent work experience in Information Technology, Cybersecurity, or a related discipline

Responsibilities

• Own and maintain the organization’s information security and IT policies, ensuring align with industry standards and are functionally enforceable in the organization.
• Develop risk posture reporting for senior leadership, including risk assessments, control effectiveness, and risk register updates, tailoring depth and messaging to technical and executive audiences
• Manage the control framework and library by identifying control gaps across technology domains and leading annual control testing and enterprise security assessments
• Lead enterprise cyber risk management activities including identifying and quantifying cybersecurity risks using standardized risk rating methodologies
• Maintain the enterprise risk register and oversee cybersecurity remediation efforts while advising on compensating controls and interim risk treatment strategies
• Partner cross-functionally with legal, technology, product, and business teams to understand regulatory obligations, risk tolerance, and remediation priorities
• Coordinate and facilitate cross-functional remediation discussions while tracking progress and driving accountability for risk reduction
• Own the third-party risk management process, including vendor security questionnaires, risk assessments of new and existing vendors, and development of remediation plans to address identified security gaps
• Ability to work independently and drive end-to-end initiatives with minimal supervision
• Understanding of DevOps, security architecture, and security configurations, enabling effective collaboration with engineering, product, and infrastructure teams to identify and mitigate risks
• Adaptability and resilience in an evolving environment
• Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and enterprise technologies.
• Proven ability to translate complex technical risks into clear business impacts and actionable, risk-based recommendations for stakeholders.
• Excellent analytical, written, and verbal communication skills with the ability to influence decision-making across technical and non-technical audiences