Identify and assess potential Cyber Risks of all incoming vendors, third parties, services, and technology.
Collaborate with cross-functional teams and third-party vendors to analyze pertinent information and collateral.
Conduct technology risk assessments across new and existing applications.
Ensure comprehensive documentation is maintained for all approved, denied, and conditionally approved exceptions.
Collect, process, and interpret multiple sources of data to model Cyber Risk scenarios.
Track risk plan milestones and drive issue management, ensuring overall risk goals are met.
Develop mitigation strategies to reduce, transfer, or avoid identified Cyber Risks.
Perform security assessments of new and existing third-party vendors and service providers.
Document and communicate inherent and residual risks associated with vendor reliance.
Utilize and manage the corporate GRC platform and risk management tools.
Requirements
5+ years of relevant experience in Information Security, IT Risk Management, IT Audit, or GRC, with a heavy focus on technology risk.
Deep working knowledge of key GRC concepts, risk assessment methodologies, and industry frameworks (e.g., NIST SP 800-53/CSF, ISO 27001).
Proven, hands-on experience using and configuring modern GRC platforms for risk management, policy management, and compliance automation. Experience in configuring and using tools such as Archer, ServiceNow, MetricStream or Vanta preferred.
Experience with IT and Security tools, SaaS / other Cloud technologies and/or software development.
Exceptional ability to analyze complex technical vulnerabilities and control failures/gaps, translating them into measurable business risk, with detailed quantitative assessment skills to support findings & recommendations.
Excellent written and verbal communication skills.
Tech Stack
Cloud
ServiceNow
Benefits
Hybrid work model (onsite and remote)
Global team on the front lines of cybersecurity innovation