What are the responsibilities and job description for the Cyber Risk Management Analyst position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Delviom LLC, is seeking the following. Apply via Dice today!
Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks. Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization s security posture.
Key Requirements
Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks. Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization s security posture.
Key Requirements
- Expertise in GRC methodologies, third-party risk management (TPRM), and federal compliance (NIST SP 800-53, 800-37). Skilled in Risk Register tracking and maintenance, performing Security Impact Analyses, managing the POA&M lifecycle, and developing security awareness content to mitigate human-centric risks.
- Risk Identification & Quantification: Lead enterprise-wide risk assessments using GRC methodologies to identify, evaluate, and prioritize risks, translating technical vulnerabilities into business impact for stakeholders.
- Regulatory & Framework Alignment: Ensure ongoing compliance with federal frameworks, including NIST SP 800-53 and 800-37 (RMF), through periodic audits and Security Impact Analyses for new and existing system interconnections.
- Strategic POA&M & Risk Register Oversight: Maintain and manage the enterprise Risk Register, tracking key cyber risks and overseeing the full lifecycle of Plans of Action and Milestones (POA&M), ensuring findings are documented, validated, and remediated within defined SLAs.
- Key Cyber Risk Tracking: Continuously monitor and report critical cyber risks, using risk dashboards and metrics to provide actionable insights to leadership and maintain enterprise risk posture.
- Human-Centric Risk & Awareness: Design and implement security awareness programs and phishing simulations (e.g., KnowBe4, Proofpoint) to reduce social engineering risks and strengthen organizational security culture.
- Technical Remediation Partnership: Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails and prioritize remediation activities based on risk impact.
- Advanced Risk Analytics & Visualization: Leverage GRC platforms (Archer, ServiceNow) and tools like Power BI and Excel to generate automated risk metrics, heat maps, and executive-level security posture reports.