Cybersecurity Risk Analyst II (30766)

Position purpose

We are seeking a detail-oriented Cyber Security Risk Analyst specializing in Governance, Risk, and Compliance (GRC). This role will support the organization’s cybersecurity risk management program by identifying, assessing, and mitigating risks while ensuring compliance with regulatory requirements and industry standards.

The ideal candidate will have a strong understanding of cybersecurity frameworks, risk assessment methodologies, and regulatory compliance, along with the ability to translate technical risks into business impacts.

Responsibilities/Duties/Functions/Tasks:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Conduct cybersecurity risk assessments, including third-party/vendor risk evaluations (TPRM)
• Identify, analyze, and document security risks, threats, and vulnerabilities
• Support the development and maintenance of risk registers and risk treatment plans
• Ensure compliance with applicable regulations, standards, and frameworks (e.g., NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA as applicable)
• Assist in the development, review, and enforcement of information security policies, standards, and procedures
• Partner with IT, engineering, legal, and business teams to ensure security controls are implemented effectively
• Monitor and report on compliance posture, control effectiveness, and risk metrics
• Support internal and external audits, including evidence gathering and remediation tracking
• Maintain awareness of emerging threats, regulatory changes, and industry best practices
• Provide security awareness and guidance to stakeholders across the organization
  
  

Qualifications

Education:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, STEM or related field
  
  

Experience:

• 2–5 years of experience in cybersecurity, risk management, or compliance roles
• Strong knowledge of GRC principles, risk frameworks, and control standards
• Familiarity with one or more frameworks: NIST CSF, ISO/IEC 27001, COBIT, CIS Controls
• Experience with risk assessment tools and methodologies
• Understanding of regulatory requirements relevant to the business (e.g., GDPR, HIPAA, SOX)
• Strong analytical, documentation, and communication skills
• Ability to manage multiple priorities and work cross-functionally
• Professional certifications such as:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Experience with GRC tools (e.g., Drata, Archer, ServiceNow GRC, OneTrust)
• Knowledge of cloud security and compliance (AWS, Azure, GCP)
• Experience with third-party risk management programs
  
  

Essential Skills And Experience:

• Risk assessment and critical thinking
• Attention to detail and documentation rigor
• Strong stakeholder communication
• Problem-solving and decision-making
• Integrity and accountability
• Demonstrated administration of security platforms and security related best practices.
• Problem analysis and problem resolution at both an operational and tactical level.
• Experience in developing and deploying security specific solutions including the automation of repeatable security tasks and controls.
• Experience with security vulnerability and penetration tools, remediation, and processes.
• Strong analytical and interpersonal skills.
  
  

Performance Requirements:

• Proficient IT technical skills.
• Excellent communication skills, both written and verbal.
• Ability to manage conflict and resolve problems.
• Ability to multi-task and prioritize.
• Self-motivated with initiative.
• Strong sense of ethics.
  
  

Equipment Operated: This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Work Environment: This job operates in professional office environments.

• Physical Requirements: While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to finger, handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear; and taste or smell. The employee must occasionally lift or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
  
  

Qualifications

Qualifications

Education/Experience:

• Bachelors degree in computer science or other technical/scientific discipline or equivalent experience.
• 5 years IT related work; preferred 3 years as in security.
• Enterprise level Network/System Administration or Engineering experience.
• Proficient level of knowledge of Windows and Linux operating systems, networks, and network security technologies (IPS, firewalls, etc.), TCP/IP network communication structure, protocols and processes, internet protocols and connectivity methods, vulnerability scanning, penetration testing and user authentication technologies.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Relevant security certifications such as GCIH, CEH, Security , CCNA Security, CCSP, or equivalent certification required. Non-specific vendor cloud certifications are a plus.
  
  

Essential Skills And Experience:

• Demonstrated administration of security platforms and security related best practices.
• Problem analysis and problem resolution at both an operational and tactical level.
• Experience in developing and deploying security specific solutions including the automation of repeatable security tasks and controls.
• Experience with security vulnerability and penetration tools, remediation, and processes.
• Strong analytical and interpersonal skills.
  
  

Performance Requirements:

• Highly proficient IT technical skills.
• Excellent communication skills, both written and verbal.
• Ability to manage conflict and resolve problems.
• Ability to multi-task and prioritize.
• Self-motivated with initiative.
• Strong sense of ethics.
  
  

GI Alliance is an Equal Opportunity Employer. We are committed to creating an inclusive, welcoming, and equitable work environment. Our company values and celebrates the diversity of our physicians, staff and patients. We firmly believe our service is greatly enriched by our diversity of thought, experience, perspective, culture, and background.

Please Note: All job offers are contingent on the successful completion of pre-employment criminal history check.

NOTE: ALL APPLICATIONS MUST BE COMPLETED IN FULL FOR CONSIDERATION.

No phone calls or agencies, please.

EEO/AA-M/F/disabled/protected veteran