Minimum 7 years of experience in IT and security risk management.
At least 5 years of experience conducting security risk assessments.
Experience with risk assessment methodologies and security frameworks like NIST, ISO, or CIS.
Relevant certifications such as CRISC, CISM, or CISSP are highly desirable.
Key responsibilities:
Perform security risk assessments for IT and security.
Identify and document risk management and mitigation efforts.
Collaborate with teams to remediate security and IT risks.
Maintain risk registers, metrics, and reports on security risks.
Overview: Our client is seeking an experienced Security Risk Analyst for a long-term contract opportunity. This position is 100% Remote.
Job Description: We are seeking an experienced Security Risk Analyst to support our Information Security organization. This role will be critical in advancing key security risk management projects and initiatives. The focus will be on enhancing our Security Risk Management Program, specifically related to IT and Security risks. The Analyst will participate in security risk assessments (internal and external) and will play a key role in driving improvements to our security framework maturity and identifying/measuring risks. This is a hands-on role requiring strategic thinking, strong collaboration skills, and experience in cyber risk management frameworks and best practices.
Responsibilities:
Assist in performing comprehensive security risk assessments, focusing on Security and IT.
Lead efforts to identify Security and IT risk management and mitigation efforts and document the results.
Collaborate closely with cross-functional teams and lines of business to ensure Security and IT risks and issues are effectively remediated.
Maintain risk registers, metrics reports, and other Security and IT risk management documentation.
Identify, track, and report on Security and IT-related KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators), providing actionable insights to leadership at all levels.
Lead efforts to align with stakeholders at all levels to ensure a comprehensive Security and IT risk management approach.
Develop and maintain comprehensive IT and Security risk management procedures, reports, and documentation.
Support security framework maturity efforts, such as process improvements and cyber risk quantification.
Lead initiatives that enhance cyber risk reduction across the organization.
Stay up to date on the latest security risks and threats, risk management trends, and industry best practices.
Qualifications:
At least 7 years of experience in IT and security risk management.
At least 5 years of experience conducting security risk assessments.
At least 3 years of experience communicating and presenting to senior-level management.
Experience with risk assessment methodologies and understanding risk assessment processes.
Experience developing and reporting on KRIs (Key Risk Indicators).
Knowledge of industry-standard security frameworks, such as NIST CSF, NIST RMF, ISO, or CIS.
Relevant certifications (e.g., CRISC, CISM, CISSP) are highly desirable.
Experience with risk management platforms and tools.
Excellent communication, analytical, critical thinking, and interpersonal skills.
Ability to work independently and as part of a team.
Required profile
Experience
Level of experience: Senior (5-10 years)
Industry:
Information Technology & Services
Spoken language(s):
English