IT Cybersecurity Audit Analyst

Cyber Risk Analyst Mid-Senior Level

Hybrid

Schedule: Full-Time | Hybrid (In-office Wednesdays and Thursdays)

Position Overview

The Cyber Risk Analyst plays a pivotal role in shaping and maintaining the organization's cybersecurity and risk management framework. This position supports the development, execution, and oversight of second-line information security programs, ensuring alignment with regulatory standards and internal policies. The analyst collaborates across departments to assess risks, enhance controls, and promote a culture of security awareness and compliance.

Key Responsibilities

• Design and execute control testing strategies to evaluate effectiveness and compliance.
• Conduct risk assessments and process walkthroughs across IT and cybersecurity domains.
• Develop and refine governance documentation, including standards, procedures, and training materials.
• Monitor and guide first-line IT and Security teams on control implementation and risk mitigation.
• Lead initiatives to improve security posture using AI tools and automation where applicable.
• Support regulatory audits and examinations and manage issue tracking via GRC tools.
• Provide oversight on key risk indicators (KRIs) and performance metrics (KPIs).
• Facilitate incident response reviews and ensure appropriate documentation and reporting.
• Collaborate with legal, compliance, and enterprise risk teams to ensure regulatory alignment.
• Assist in the deployment and optimization of GRC platforms.
• Deliver presentations and training sessions to stakeholders across the organization.
• Stay current on emerging threats, technologies, and regulatory changes.

Qualifications

Experience:

• 5 years in IT audit, cybersecurity, or risk management (consulting experience preferred).
• Hands-on experience with cloud platforms (AWS, Azure) and enterprise security tools.
• Familiarity with frameworks and standards such as NIST (800-53, CSF 2.0), ISO 27001/27018, PCI-DSS, SOC 2, FFIEC, GLBA, and GDPR.
• Proven ability to lead cross-functional projects and influence decision-makers.

Education:

• Bachelor’s degree in Information Security, Computer Science, Business, or related field.
• Master’s degree preferred but not required.

Certifications:

• CISSP, CISA, CISM, or equivalent certifications preferred or willingness to obtain.

Technical Skills:

• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).
• Understanding of network security, secure SDLC, DevSecOps, and SIEM tools.
• Experience with GRC platforms (Archer preferred).

Soft Skills:

• Strong analytical, communication, and documentation abilities.
• Ability to work under pressure and manage multiple priorities.
• Collaborative mindset with a focus on mentorship and team development.

Physical & Work Environment

• Ability to sit, talk, and hear consistently; occasional standing and walking.
• Visual acuity for close and distant tasks.
• May lift up to 30 pounds occasionally.
• Standard office environment with moderate noise levels.