About the job
The Cybersecurity Risk Analyst is responsible for assisting with the maturation of the CISO Office Risk Management program. The Analyst will manage the risk register and coordinate with risk owners, process incoming risks including triage scoring and risk articulation, and work with stakeholders throughout the enterprise. This candidate will need good people collaboration skills and experience in managing risks.
What will you do?
- Conduct cybersecurity risk management activities including processing risk intake forms, scoring risks, updating and maintaining the risk register, and supporting risk submitters and owners (as needed).
- Partner with risk owners to identify risks or determine mitigations and/or treatment plans and timelines to reduce the risk to the company, as required.
- Collaborate with various stakeholders across the enterprise, including other technology and risk SMEs, to manage risks across the risk management lifecycle.
- Contribute to the advancement of the team's IT Risk and cybersecurity risk management program by collaborating with the team to initiate, design, develop, process engineer, and mature processes and tools as needed.
Qualifications
- 6+ years of progressive professional experience in a cybersecurity or information risk role. (Staff)
- Information risk experience, cybersecurity risk, GRC with a strong risk background.
- Demonstrable experience with security risk management assessments and frameworks (e.g., NIST, ISO).
- Technically proficient and self-confident with the initiative to perform assigned duties at a high level of independence under minimal supervision while working within a team environment.
- Excellent communication skills, appropriately adapting based on audience needs, through all mediums – verbal, written, presentation, and listening.
- A university degree is required but not in a specific field.
- Technology experience as sysadmin/support combined with information security experience.
- Experience with enterprise management platforms (e.g., ServiceNow).
- Any hands-on risk modeling experience (RSA Archer, RiskLens, RiskQuantifier).
- Training or certifications in security or risk (e.g., ISC2, ISACA, OpenGroup, FAIR) are a plus.
- Experience in healthcare or biotech industries.
Skills
Hard Skills
- Adaptability
- Risk Management
Soft Skills
- Detail Oriented / Quality of Work
- Process Oriented
- Results Oriented
Technical Expertise
Risk Analyst