Information Risk Analyst
Mid-level | Hybrid | Full-time | 2 months ago


About the job

The Information Risk Analyst is responsible for assisting with the maturation of the CISO Office Risk Management program. The Analyst will manage the risk register and coordinate with risk owners, process incoming risks including triage scoring and risk articulation, and work with stakeholders throughout the enterprise. This candidate will need good people collaboration skills and experience in managing risks.

What will you do?

  • Conduct risk management activities including processing risk intake forms, scoring risks, updating and maintaining the risk register, and supporting risk submitters and owners as needed.
  • Partner with risk owners to identify risks or determine mitigations and/or treatment plans and timelines to reduce the risk to the company, as required.
  • Collaborate with various stakeholders across the enterprise, including other technology and risk SMEs, to manage risks across the risk management lifecycle.
  • Contribute to the advancement of the IT Risk team and the risk management program by collaborating with the team to initiate, design, develop, process-engineer, and mature processes and tools as needed.


Minimum Qualifications

  • 5+ years of progressive professional experience in an information risk role.
  • Experience in information risk, cyber risk, GRC, with a strong risk background.
  • Demonstrable experience with security risk management assessments and frameworks (e.g., NIST, ISO).
  • Technically proficient and self-confident, with the initiative to perform assigned duties at a high level of independence under minimal supervision while working within a team environment.
  • Excellent communication skills, appropriately adapting based on audience needs, across all mediums: verbal, written, presentation, and listening.
  • University degree required but not in a specific field.

Preferred Qualifications

  • Technology experience as sysadmin/support combined with information security experience.
  • Experience with enterprise management platforms (e.g., ServiceNow).
  • Any hands-on risk modeling experience (RSA Archer, RiskLens, RiskQuantifier).
  • Training or certifications in security or risk (e.g., ISC2, ISACA, OpenGroup, FAIR) are a plus.
  • Experience in healthcare or biotech industries.


Hard Skills

  • Risk Analysis

Soft Skills

  • Detail Oriented
  • Process Oriented
  • Results Oriented

Technical Skills

  • Cybersecurity