POSITION SUMMARY

TheCyberRiskAnalystis responsible foroverseeing the organizations vulnerability management program, focusing on IT infrastructure, endpoints, networks, and cloud environments. This role ensures proactive identification, analysis, prioritization, and remediation of technical vulnerabilities while embedding risk management practices to minimize security threats and support complianceobjectives. Additionally, theCyberRiskAnalystwill help track enterprise security risk by monitoring risk metrics,maintainingrisk registers, and providing regular updates to leadership, enabling informed decision-making and a holistic understanding of the organizations security posture.

POSITIONRESPONSIBILITIES

• Own the enterprise cybersecurity risk register, taxonomy, and exception workflows with clear escalation thresholds.

• Define and track KRIs/KPIs (e.g., residual risk, SLA compliance, control effectiveness); deliver executive dashboards and briefings.

• Ensure asset and telemetry data quality and coverage; standardize with a Common Information Model (CIM).

• Drive prioritized remediation roadmaps; enforce SLAs with automated reminders and escalations; verify fixes via retest.

• Integrate post-incident lessons into the risk register and backlog;validatecontrols through purple-team exercises.

• Include thirdparty/vendor and application security findings for a holistic enterprise risk view.

• Map risks to policies and regulatory frameworks (NIST, ISO 27001, PCI-DSS, HIPAA); support audits and evidence collection.

• Continuously improve VM processes, tooling, and control designs; measure the efficacy of controls and exceptions.

• Be hands-on: query/validatedata, build metrics/dashboards, and translate technical issues into clear risk treatment plans.

• Engage stakeholders to drive decisions and timelines; tie outcomes to OKRs focused on risk reduction and faster decision cycles.

EDUCATION AND EXPERIENCE

Education:

• Bachelors degree in computer sciences, Information Security, Information Systems, Engineering,Sciencesor relevant professional experience.

Experience:

• 5+ years of hands-on experience in vulnerability management, cyber risk, or related roles within enterprise IT environments.

TECHNICAL SKILLS REQUIREMENTS

• Proficiencywith vulnerability scanning and security testing tools (e.g., Tenable, Qualys, Rapid7, Falcon Spotlight,AppScan) and using results to improve security operations.

• Experience across infrastructure systems, endpoints, network devices, and cloud platforms (AWS, Azure, Microsoft 365/O365).

• Ability to interpret, prioritize, and report technical risk from vulnerability data using analytics and data visualization tools (e.g., Power BI, Tableau).

• Working knowledge and practical application of security frameworks and compliance requirements (e.g., NIST, PCI-DSS, HIPAA, ISO 27001).

• Experience coordinating remediation across technical and business teams, managing SLAs, and improving remediation processes.

• Understanding ofvulnerability assessments, security policy development, enterprise security strategy, architecture concepts, and governance practices.

• Broad understanding of security technologies, core security principles, control frameworks, and risk considerations for both on-prem and cloud solutions; familiarity with threat modeling concepts.

• Ability to research vulnerabilities and exploit techniques and translate findings into operational improvements.

• Hands-on capability to troubleshoot complex issues and implement solutions in enterprise environments.

• Strong project management skills withabilityto manage multiple priorities in fast-paced operational environments.

• Strong written/verbal communication skills; ability to present clearly, negotiate effectively, and influence stakeholders across levels; able to work independently and in teams.

• High standardsof ethics, professionalism, and integrity.

• Experience in regulated industries (e.g.,pharmaceuticals) is desirable.

• Ability to articulate business-focused security outcomes that guide service direction and improve security posture.

PHYSICALPOSITIONREQUIREMENTS

• Primarily office-based workinvolvingsitting, computer use, and meetings.

• Ability to work flexible hours as needed to coordinate with global teams and support audit readiness activities.

• Occasional travel may berequiredfor audits, regulatory meetings, orintegrationactivities.

• No unusual physical demands or attendance requirementsexpected.

Travel Requirements: 5%-10%