Sr. Cybersecurity Risk Analyst

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
• 5+ years of experience in cybersecurity risk, governance, or compliance roles.
• Experience building or maintaining a cybersecurity risk register and risk management processes.
• Strong understanding of security frameworks (e.g., NIST, CMMC, ISO 27001).
• Experience conducting third-party/vendor risk assessments.
• Strong analytical, problem-solving, and risk evaluation skills.
• Ability to translate technical risks into business impact.
• Strong written and verbal communication skills.

Nice To Haves

• Experience supporting CMMC assessments or similar regulatory compliance programs.
• Familiarity with manufacturing or operational technology (OT) environments.
• Experience developing security standards or working closely with infrastructure and engineering teams.
• Professional certifications such as CISSP, CISM, CRISC, or similar.

Responsibilities

• Lead the development and ongoing maintenance of the enterprise cybersecurity risk register, including risk identification, classification, ownership, and tracking.
• Conduct and lead risk assessments for systems, applications, projects, and business initiatives.
• Develop and implement risk management processes, methodologies, and reporting metrics.
• Facilitate risk review sessions with business and IT stakeholders to ensure accountability and transparency.
• Develop and track risk mitigation and remediation plans to closure.
• Support and maintain the organization’s CMMC compliance program, including control mapping, evidence collection, and audit readiness.
• Partner with internal stakeholders (IT, Legal, HR, Plant Operations) to ensure alignment with CMMC and other regulatory requirements.
• Assist in preparing documentation and responses for assessments, audits, and regulatory inquiries.
• Monitor evolving compliance requirements and translate them into actionable internal controls.
• Develop and mature a third-party cybersecurity risk management program.
• Conduct security risk assessments of vendors, SaaS providers, Software, and external partners.
• Evaluate vendor security posture, shared responsibility models, and contractual security requirements.
• Partner with procurement and legal teams to integrate security requirements into vendor onboarding and contracting processes.
• Collaborate with IT and engineering teams to develop, implement, and maintain cybersecurity standards and secure configuration baselines.
• Ensure security requirements are embedded into system design, architecture, and operational processes.
• Provide risk-based guidance on system hardening, segmentation, and control implementation.
• Support the development of policies, standards, and procedures that are practical, enforceable, and auditable.
• Communicate risk findings, trends, and recommendations to technical and non-technical stakeholders, including leadership.
• Develop reporting for executive audiences, including risk summaries, metrics, and program maturity updates.
• Support audit committee and leadership reporting as needed.
• Stay current on cybersecurity threats, regulatory changes, and industry best practices.
• Identify opportunities to improve risk visibility, coverage, and program efficiency.
• Mentor junior analysts and contribute to the maturity of the GRC function.