
Cyber Risk Management Analyst

IMRI Technology & Engineering Solutions

New York · On-site Full-time $90k – $150k/yr Today

About the role

Position: Cyber Risk Management Analyst

Position Summary: Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks. Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization’s security posture.

Key Duties and Responsibilities:

• Expertise in GRC methodologies, third-party risk management (TPRM), and federal compliance (NIST SP 800-53, 800-37). Skilled in Risk Register tracking and maintenance, performing Security Impact Analyses, managing the POA&M lifecycle, and developing security awareness content to mitigate human-centric risks.
• Risk Identification & Quantification: Lead enterprise-wide risk assessments using GRC methodologies to identify, evaluate, and prioritize risks, translating technical vulnerabilities into business impact for stakeholders.
• Regulatory & Framework Alignment: Ensure ongoing compliance with federal frameworks, including NIST SP 800-53 and 800-37 (RMF), through periodic audits and Security Impact Analyses for new and existing system interconnections.
• Strategic POA&M & Risk Register Oversight: Maintain and manage the enterprise Risk Register, tracking key cyber risks and overseeing the full lifecycle of Plans of Action and Milestones (POA&M), ensuring findings are documented, validated, and remediated within defined SLAs.
• Key Cyber Risk Tracking: Continuously monitor and report critical cyber risks, using risk dashboards and metrics to provide actionable insights to leadership and maintain enterprise risk posture.
• Human-Centric Risk & Awareness: Design and implement security awareness programs and phishing simulations (e.g., KnowBe4, Proofpoint) to reduce social engineering risks and strengthen organizational security culture.
• Technical Remediation Partnership: Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails and prioritize remediation activities based on risk impact.
• Advanced Risk Analytics & Visualization: Leverage GRC platforms (Archer, ServiceNow) and tools like Power BI and Excel to generate automated risk metrics, heat maps, and executive-level security posture reports.

Requirements:

• 3+ years of experience as a Cyber Risk Management Analyst or in a similar role
• Required certifications: CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC
• Experience with the following technologies: GRC Platforms (Archer/ServiceNow), TPRM Tools (OneTrust/Prevalent), Awareness Platforms (KnowBe4/Proofpoint), MS Power BI, Excel (Advanced), and JIRA.
