IT Risk Analyst Manager | Staff | Remote | Full-time | 21 days ago

About the job

The Cybersecurity Risk Analyst is responsible for assisting with the maturation of the CISO Office Risk Management program. The Analyst will manage the risk register and coordinate with risk owners, process incoming risks (including triage scoring and risk articulation), and work with stakeholders throughout the enterprise. This candidate will need good collaboration skills and experience in managing risks.

What will you do?

  • Conduct cybersecurity risk management activities including processing risk intake forms, scoring risks, updating and maintaining the risk register, and supporting risk submitters and owners (as needed).
  • Partner with risk owners to identify risks or determine mitigations and/or treatment plans and timelines to reduce the risk to the company, as required.
  • Collaborate with various stakeholders across the enterprise, including other technology and risk SMEs, to manage risks across the risk management lifecycle.
  • Contribute to the advancement of the team's IT risk and cybersecurity risk management program by collaborating with the team to initiate, design, develop, process engineer, and mature processes and tools as needed.

Qualifications

Minimum Qualifications

  • 6+ years of progressive professional experience in a cybersecurity or information risk role. (Staff)
  • Information risk experience, cybersecurity risk, GRC with strong risk background.
  • Demonstrable experience with security risk management assessments and frameworks (e.g., NIST, ISO).
  • Technically proficient and self-confident with the initiative to perform assigned duties at a high level of independence under minimal supervision while working within a team environment.
  • Excellent communication skills, appropriately adapting based on audience needs, through all mediums – verbal, written, presentation, and listening.
  • A university degree is required but not in a specific field.

Preferred Qualifications

  • Technology experience as sysadmin/support combined with information security experience.
  • Experience with enterprise management platforms (e.g., ServiceNow).
  • Any hands-on risk modeling experience (RSA Archer, RiskLens, RiskQuantifier).
  • Training or certifications in security or risk (e.g., ISC2, ISACA, OpenGroup, FAIR) are a plus.
  • Experience in healthcare or biotech industries.


Not Seeking

  • Auditor, Compliance or Governance expert, Third Party Risk expert
  • Insurance, Banking, Credit, or Financial Risk expert

Skills

Hard Skills

  • Risk Management

Soft Skills

  • Drive High Performance
  • Analysis and Problem Solving
  • Problem Solving
  • Process Oriented
  • Innovation & Change Leadership

Technical Skills

  • Cybersecurity