The senior cybersecurity risk analyst is responsible for assisting with the maturation of the CISO office risk management program. The analyst will manage the risk register, coordinate with risk owners, process incoming risks (including triage, scoring, and risk articulation), and work with stakeholders throughout the enterprise. The candidate will need good people and collaboration skills and experience managing risks.
Job description
* Conduct cybersecurity risk management activities, including processing risk intake forms, scoring risks, updating and maintaining the risk register, and supporting risk submitters and owners (as needed).
* Partner with risk owners to identify risks or determine mitigations and/or treatment plans and timelines to reduce the risk to the company, as required.
* Collaborate with various stakeholders across the enterprise, including other technology and risk SMEs, to manage risks across the risk management lifecycle.
* Contribute to the advancement of ITJ's IT risk and cybersecurity risk management program by collaborating with the team to initiate, design, develop, process engineer, and mature processes and tools as needed.
Minimum qualifications
* 6+ years of progressive professional experience in a cybersecurity or information risk role.
* Experience in information risk, cybersecurity risk, or GRC with a strong risk background.
* Demonstrable experience with security risk management assessments and frameworks (e.g., NIST, ISO).
* Technically proficient and self-confident, with the initiative to perform assigned duties at a high level of independence under minimal supervision while working within a team environment.
* Excellent communication skills across all mediums (verbal, written, presentation, and listening), adapted appropriately to audience needs.
* A university degree is required, but not in a specific field.
Preferred qualifications
* Technology experience as a sysadmin/support combined with information security experience.
* Experience with enterprise management platforms (e.g., ServiceNow).
* Any hands-on risk modeling experience (RSA Archer, RiskLens, RiskQuantifier).
* Training or certifications in security or risk (e.g., ISC2, ISACA, Open Group, FAIR) are a plus.
* Experience in healthcare or biotech industries.
Not seeking
* Auditor, compliance or governance expert, third-party risk expert
* Insurance, banking, credit, or financial risk expert