Cybersecurity Risk Analyst

Key Skills (Must-Have)

• Strong knowledge of technical vulnerabilities
• Hands-on experience with:

o Vulnerability Assessment

o Penetration Testing (Pen Testing)

Domain / Background

• No specific domain or target companies required
• Skill set is considered generic and widely available across industries.

Description:

• Review and assess risk management policies and protocols; make recommendations and implement modifications and improvements.
• Engage with internal stakeholders for holistic response management on identified vulnerabilities and remediation efforts.
• Analyze security issues, determine cause and impact, and suggest corrective actions to eliminate and prevent recurrence.
• Develop, track, and report on Key Risk Indicators (KRIs) for information technology.
• Monitor, track, and report mitigation and resolution of IT risks.
• Verify that IT risks are appropriately mitigated and lead multiple stakeholders in agreement on appropriate solutions/controls.
• Analyze risks, including identifying, describing, and estimating risks affecting the business.
• Conduct deep dives on IT security-related processes and systems.
• Ensure effective execution of the risk management framework by managing relationships with key stakeholders within strategic business groups and technology.
• Advise leadership on technology initiatives that support the latest trends in IT security, risk, and controls.
• Provide expertise for resolution and risk mitigation.
• Perform process-level walkthroughs, control testing, and risk assessments to identify current and future security vulnerabilities.
• Collaborate with IT Service teams to determine reporting and metrics needs; share and present reporting and metrics to Cybersecurity and IT Leadership.
• Identify and recommend appropriate measures to manage and remediate vulnerabilities, reducing potential impacts on information resources to a level acceptable to senior management.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities in an agile manner and within cloud solutions.
• Understand business requirements and work with teams to define appropriate security solutions while meeting business needs.
• Champion vulnerability management and information security, broadening awareness and use of the team’s services, educating on security best practices, and integrating with other business areas.
• Identify potential regulatory and non-regulatory risks through thorough and ongoing risk assessments with relevant business leads.
• Guide and support Stakeholders for remediation with technical support.