Senior IT Cybersecurity Risk Analyst

Herzing Brand
Milwaukee, WI

About The Position

The Senior IT Cybersecurity Risk Analyst leads the identification, assessment, and management of cybersecurity and information risks across the University, ensuring risks are clearly articulated, prioritized, and actively addressed by appropriate owners. The role applies a practical, risk-based approach to security, using the CIS Critical Security Controls as the primary framework, with NIST 800-171 and the GLBA Safeguards Rule supporting regulatory and compliance alignment. Serving as a senior individual contributor, this role provides expert risk judgment, drives remediation and incident response coordination, and serves as a primary point of contact for cybersecurity audits and assessments. Working in close partnership with the Director of Infrastructure and operational teams, the role is accountable for ensuring risks are mitigated, formally accepted, or escalated, with success measured by sustained reduction in material risk and continuous improvement of the University’s security posture.

Requirements

  • Bachelor’s degree in information security, computer science, information systems, or a related field, or equivalent work experience.
  • Eight or more years of experience in cybersecurity, IT risk management, IT audit, or related disciplines.
  • Demonstrated experience assessing the effectiveness of security controls in operational environments.
  • Strong working knowledge of the CIS Critical Security Controls, NIST 800-171, GLBA Safeguards, and related guidance such as NIST CSF or ISO 27001.
  • Experience translating framework expectations into practical security recommendations that balance risk, usability, and available resources.

Nice To Haves

  • Professional certifications such as CISSP, CISM, CISA, or CRISC are preferred.
  • Experience in higher education or similarly complex, mission-driven organizations is preferred.
  • Experience with risk or GRC tooling and security metrics is preferred.

Responsibilities

  • Perform cybersecurity and information risk assessments for systems, applications, vendors, and business processes, using the CIS Critical Security Controls as a practical foundation while aligning to NIST 800-171 and GLBA Safeguards requirements.
  • Evaluate the design and operating effectiveness of administrative, technical, and physical security controls, focusing on whether controls meaningfully reduce risk rather than simply meeting documented requirements.
  • Use CIS Critical Security Controls to assess control maturity and identify actionable improvements, applying NIST 800-171 and GLBA Safeguards as supporting frameworks where required.
  • Translate technical findings into clear, business-focused risk statements that describe impact, likelihood, and practical mitigation options.
  • Partner with system owners, data owners, and IT teams to define remediation strategies, compensating controls, or acceptable risk decisions, and to actively track, escalate, and report on progress until risks are reduced or formally accepted.
  • Assess day-to-day security practices, including access management, incident response readiness, monitoring practices, vendor oversight, and data protection.
  • Support institutional efforts to strengthen cybersecurity posture through incremental improvements that deliver measurable risk reduction.
  • Provide consultative guidance to IT and business teams on secure design, implementation, and operation of systems and services.
  • Support third-party and vendor risk assessments with emphasis on actual control effectiveness and operational risk.
  • Track cybersecurity risks, remediation progress, and trends to support leadership and governance reporting.
  • Contribute to the development and refinement of practical risk assessment methods, security standards, and guidance.
  • Participate in audits, reviews, and regulatory inquiries by providing risk-based analysis, context, and evidence.
  • Stay current on evolving cyber threats, control practices, and framework guidance relevant to higher education.
  • Initiate, coordinate, and drive cybersecurity incident response activities to resolution, including risk-based decision-making, escalation, and post-incident remediation tracking, while leveraging operational teams for technical execution.
  • Own the lifecycle of cybersecurity risks from identification through remediation or formal acceptance, with responsibility for ensuring corrective actions are executed by the appropriate operational owners.
  • Hold operational teams accountable for implementing agreed-upon cybersecurity controls and remediation activities through defined governance, escalation, and reporting mechanisms, escalating unresolved risks and execution gaps to IT and University leadership as necessary.
  • Validate that agreed remediation actions are not only planned but are operating effectively in practice and delivering measurable risk reduction.
  • Depending on initiatives, occasional travel to university locations may be required.
  • Perform other duties as assigned.

Benefits

  • We offer a comprehensive benefits package, including a tuition waiver and reimbursement program, health insurance, paid time off, and a retirement savings plan with company match.