Senior Cybersecurity Risk Analyst

About The Position

Requirements

• Bachelor’s Degree in relevant field (e.g., Cybersecurity, Risk Management, Computer Science, Computer Information Systems)
• 5+ years of progressive IT experience working within modern IT environments, including cloud-based platforms, enterprise infrastructure, or cybersecurity.
• Knowledge of risk management frameworks, particularly NIST Cybersecurity Framework, NIST Risk Management Framework, and the FAIR model.
• Excellent communication and stakeholder engagement skills, including the ability to clearly and concisely translate complex technical details into business-relevant terms for non-technical stakeholders, and effectively communicate high-risk issues for timely escalation and decision-making.
• Holds, or must be willing to obtain professional certification such as CRISC, CISA, or CISSP, within 12-18 months of hire.

Nice To Haves

• 5+ years' work experience in cybersecurity, risk management, audit, or related field.
• Proficiency in risk analysis, documentation, and reporting.
• Experience with industry recognized GRC platforms
• Proficiency in one or more programming or scripting languages (e.g., Python, PowerShell) to automate risk analysis tasks, streamline reporting, and integrate with APIs for data collection and system integration.
• Technical expertise in system architecture, virtualization, and network security, with the ability to assess and mitigate risks across hybrid environments.

Responsibilities

• Collaborate with cybersecurity, IT, and business stakeholders to identify, assess, and mitigate risk exposure.
• Lead and conduct cybersecurity and IT risk assessments across systems, applications, and business processes.
• Maintain and enhance risk register, dashboards, and risk reporting mechanisms.
• Analyze risk trends and develop actionable insights to inform strategic enterprise decision-making.
• Develop and refine cybersecurity policies, standards, and procedures in alignment with industry best practices.
• Monitor emerging threats, vulnerabilities, and regulatory changes, and assess their impact on enterprise risk.
• Provide mentorship and guidance to junior analysts and contribute to team knowledge sharing.
• Participate in incident response and post-incident risk analysis to identify root causes and recommend improvements.
• All other duties and projects as assigned