Senior Cyber Risk Analyst
London - 62 Buckingham Gate, United Kingdom
Millennium
Millennium is a global, diversified alternative investment firm with the mission to deliver high-quality returns for our investors. We are seeking a Senior Analyst with a robust background in cybersecurity risk assessment and internal security audits, complemented by broad technical expertise across modern IT environments. This role requires a deep understanding of desktops, mobile devices, networks, operating systems, and cloud services, as well as the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders. The ideal candidate will possess advanced analytical skills, relevant certifications, and experience working cross-functionally—including direct client engagement—to support regulatory and business objectives.
Primary Responsibilities
- Conduct comprehensive risk assessments of information systems, applications, business processes, and underlying technical infrastructure—including desktops, phones, network devices, operating systems (Windows, macOS, Linux), and cloud platforms (AWS, Azure, GCP).
- Collaborate closely with compliance, legal, IT, business stakeholders, and external clients to understand operational requirements, regulatory obligations, and risk tolerance.
- Serve as a technical point of contact for clients, addressing and managing their technical requirements, security concerns, and risk management needs.
- Clearly document identified risks and work with stakeholders to propose, evaluate, and track compensating controls that address security gaps when standard controls are not feasible.
- Support and participate in internal security audits, ensuring findings are clearly communicated and remediation plans are actionable and understandable by both technical and non-technical teams.
- Prepare and deliver risk assessment reports and risk register updates to management, clients, and relevant teams, tailoring communication style and technical depth to the audience.
- Monitor the effectiveness of compensating controls and recommend improvements as needed to maintain compliance and reduce residual risk across diverse technical environments.
- Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and evolving enterprise technologies.
- Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements.
Qualifications/Skills Required
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- 5+ years of experience in information security, with a strong focus on risk assessment and/or internal security audits.
- Demonstrated experience working with compliance, legal, business teams, and clients to assess and document security risks and compensating controls.
- Advanced knowledge of risk management frameworks (e.g., NIST, ISO 27001, CIS20) and regulatory requirements relevant to the financial sector.
- Broad technical knowledge spanning desktops, mobile devices, networking, operating systems, and cloud services.
- Proficiency with risk analytics, GRC tools, and security assessment methodologies.
- Exceptional analytical, communication, and report-writing skills, with the ability to translate complex technical issues into clear, actionable recommendations for both technical and non-technical audiences.
Desired Skills
- Experience in the financial services sector or advisory work with a leading consulting firm.
- Familiarity with the design and evaluation of compensating controls in regulated environments.
- Ability to translate technical risks into business impacts and actionable recommendations.
- Experience presenting technical risk findings to executive leadership, clients, and non-technical stakeholders.
- One or more of the following certifications: CISSP, CISA, CompTIA CySA+