Cyber Risk Management Analyst

New York, NY
Full Time
Mid Level
Cyber Risk Management Analyst
Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks. Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization’s security posture.
 
Key Requirements 
  • Expertise in GRC methodologies, third-party risk management (TPRM), and federal compliance (NIST SP 800-53, 800-37). Skilled in Risk Register tracking and maintenance, performing Security Impact Analyses, managing the POA&M lifecycle, and developing security awareness content to mitigate human-centric risks.
  • Risk Identification & Quantification: Lead enterprise-wide risk assessments using GRC methodologies to identify, evaluate, and prioritize risks, translating technical vulnerabilities into business impact for stakeholders.
  • Regulatory & Framework Alignment: Ensure ongoing compliance with federal frameworks, including NIST SP 800-53 and 800-37 (RMF), through periodic audits and Security Impact Analyses for new and existing system interconnections.
  • Strategic POA&M & Risk Register Oversight: Maintain and manage the enterprise Risk Register, tracking key cyber risks and overseeing the full lifecycle of Plans of Action and Milestones (POA&M), ensuring findings are documented, validated, and remediated within defined SLAs.
  • Key Cyber Risk Tracking: Continuously monitor and report critical cyber risks, using risk dashboards and metrics to provide actionable insights to leadership and maintain enterprise risk posture.
  • Human-Centric Risk & Awareness: Design and implement security awareness programs and phishing simulations (e.g., KnowBe4, Proofpoint) to reduce social engineering risks and strengthen organizational security culture.
  • Technical Remediation Partnership: Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails and prioritize remediation activities based on risk impact.
  • Advanced Risk Analytics & Visualization: Leverage GRC platforms (Archer, ServiceNow) and tools like Power BI and Excel to generate automated risk metrics, heat maps, and executive-level security posture reports.
 
Experience: 3+ years
Certifications: CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC.
Technologies: GRC Platforms (Archer/ServiceNow), TPRM Tools (OneTrust/Prevalent),
Awareness Platforms (KnowBe4/Proofpoint), MS Power BI, Excel (Advanced), and JIRA.
 

“We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status”

Texting Privacy Policy

  • Message type: Informational; you will receive text messages regarding your application and potentially regarding interview scheduling.
  • No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
  • Message frequency will vary depending on the application process.Msg & data rates may apply.
  • OPT out at any time by texting "Stop".
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*