Security Risk Analyst

Summary

Join our client as a Security Risk Analyst for a 6-month contract (with potential extensions) in a fully remote role. This critical position will focus on enhancing the Security Risk Management Program, specifically addressing IT and security risks. You will participate in security risk assessments, drive improvements to the security framework, and identify/measure risks. The role demands strategic thinking, collaboration, and experience in cyber risk management. You will be responsible for maintaining risk registers, reporting on KPIs/KRIs, and aligning stakeholders on a comprehensive risk management approach. This hands-on role requires expertise in risk assessment methodologies and industry-standard security frameworks.

Requirements

• At least 7 years of experience in IT and security risk management
• At least 5 years of experience conducting security risk assessments
• At least 3 years of experience communicating and presenting to senior-level management
• Experience with risk assessment methodologies and understanding risk assessment processes
• Experience developing and reporting on KRIs (Key Risk Indicators)
• Knowledge of industry-standard security frameworks, such as NIST CSF, NIST RMF, ISO, or CIS
• Excellent communication, analytical, critical thinking, and interpersonal skills
• Ability to work independently and as part of a team

Responsibilities

• Assist in performing comprehensive security risk assessments, focusing on Security and IT
• Lead efforts to identify Security and IT risk management and mitigation efforts and document the results
• Collaborate closely with cross-functional teams and lines of business to ensure Security and IT risks and issues are effectively remediated
• Maintain risk registers, metrics reports, and other Security and IT risk management documentation
• Identify, track, and report on Security and IT -related KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators), providing actionable insights to leadership at all levels
• Lead efforts to align with stakeholders at all levels to ensure a comprehensive Security and IT risk management approach
• Develop and maintain comprehensive IT and Security risk management procedures, reports, and documentation
• Support security framework maturity efforts, such as process improvements and cyber risk quantification
• Lead initiatives that enhance cyber risk reduction across the organization
• Stay up to date on the latest security risks and threats, risk management trends, and Industry best practices

Preferred Qualifications

• Relevant certifications (e.g., CRISC, CISM, CISSP) are highly desirable
• Experience with risk management platforms and tools