Cybersecurity Risk Analyst

Job Locations: Dallas, TX | Tampa, FL | Jersey City, NJ

Note: Preference will be given to candidates with prior experience in the Financial Services Industry.

Position Summary: The Information Risk Analyst/Cybersecurity Risk Analyst will be responsible for developing risk assessment questionnaires, conducting risk assessments for applications (on-premises and cloud), infrastructure (on-premises and cloud), and vendors, in accordance with a defined risk framework. These assessments will be executed through a formalized risk assessment program. The role involves identifying risks related to how business and technology teams utilize IT systems and supporting technological infrastructure.

Key Responsibilities

• Conduct research on technology security, cybersecurity best practices, and develop risk assessment questionnaires.
• Plan and perform risk assessments following the organization's methodology, documenting and communicating control deficiencies in business processes and technology systems.
• Collaborate with Enterprise IT to address cybersecurity risk findings, new initiatives, and ad hoc processes, covering areas such as databases, operating systems, networking devices, storage systems, and cloud solutions.
• Provide risk remediation recommendations to business and technology teams to mitigate identified control gaps.
• Clearly articulate risks in a way that is understandable to both business and technology stakeholders.
• Evaluate management responses to ensure remediation plans effectively address identified risks.
• Prepare assessment reports and dashboards for IT owners.
• Maintain risk documentation within the designated risk register.
• Guide business and technology teams through policy exception and risk acceptance processes.
• Contribute to the continuous improvement of the risk assessment process.
  
  

Required Experience

• 5 years of experience in risk assessment within application security, infrastructure security, or vendor risk management.
• Experience in the Financial Services Industry is preferred but not mandatory.
• Strong understanding of Information Risk Management best practices.
• Technical proficiency in cybersecurity concepts and IT systems.
  
  

Required Knowledge & Skills

• Strong technical knowledge of infrastructure, networks, databases, and systems and their impact on cybersecurity risk.
• In-depth understanding of security methodologies, policies, and industry best practices.
• Ability to articulate technical concepts effectively to both technical and non-technical audiences.
• Strong analytical and critical thinking skills.
• Excellent presentation skills (MS PowerPoint).
• Proficiency in data manipulation using MS Excel.
• Ability to build consensus, influence decision-making, and foster collaboration across teams.
• Strong written and verbal communication skills.
• Exceptional organizational skills with the ability to adapt to a dynamic work environment.
• Sound business judgment and ability to engage with all levels of management.
  
  

Education & Certifications

• Bachelor's degree preferred.
• Relevant industry certifications such as CISSP, CISM, CRISC, or CCSP are preferred.