Job Description

We are seeking a highly motivated Cyber Risk Analyst to join our Governance, Risk, and Compliance (GRC) team within Information Security (InfoSec). In this role, you will identify, evaluate, and monitor security risks across a complex, high-volume retail ecosystem including stores, distribution centers, cloud environments, and enterprise systems and applications. You will partner closely with technology, compliance, and business stakeholders to ensure risks are understood, documented, and treated in alignment with our cybersecurity strategy, risk management framework, and industry best practices.

Key Responsibilities

Risk Evaluation

• Conduct security risk assessments across applications, infrastructure, and operations.
• Analyze technical and business impacts, likelihood, and severity of identified risks.
• Document risks clearly in the InfoSec risk register, ensuring accuracy, completeness, and traceability.
• Evaluate proposed controls for adequacy and provide recommendations based inherent risk.

Risk Treatment

• Document risk treatment plans including mitigation strategies, compensating controls, ownership, and timelines.
• Collaborate with risk owners to ensure treatment plans are actionable and aligned with business priorities.
• Track and report on treatment progress, risk acknowledgements, and residual risk.
• Escalate critical risk items and overdue treatments to leadership as needed.

Monitoring

• Support ongoing risk monitoring and reporting activities, including dashboards and scorecards for senior leadership.
• Facilitate risk review meetings with technology and business owners.
• Maintain metrics to measure risk posture and treatment effectiveness.

Incident & Issue Support

• Collaborate with Security Operations, IT, and business teams to evaluate risks associated with security incidents, vulnerabilities, and audit findings.
• Provide recommendations to reduce residual risk or strengthen overall control posture.

Compliance & Standards Alignment

• Assist with aligning internal processes to regulatory and industry standards relevant to retail (PCI DSS, SOX ITGC, etc.).
• Contribute to updates of internal policy, standard, and procedure.

Qualifications

Required

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent experience.
• 2–4 years of experience in cybersecurity, IT audit, risk management, or related discipline.
• Knowledge of common security frameworks (NIST CSF, NIST 800-53, ISO 27001, PCI DSS).
• Experience conducting risk assessments and reviewing security controls.
• Strong analytical, communication, and documentation skills.
• Ability to translate technical details into clear business impacts.

Preferred

• Experience in a large enterprise or retail environment.
• Familiarity with GRC-related platforms (e.g., ServiceNow, OneTrust).
• Understanding of cloud environments (AWS, Azure, GCP) and modern tech stacks.
• Knowledge of Cyber Third-Party Risk Management and Compliance.

.

California Residents click below for Privacy Notice: