Cyber Risk Management Analyst

Nucorevision, Inc
Brooklyn, New York, US
On-site

Job Description

PRE-REQUISITES:

  • Must reside in New York
  • Must be a U.S. Citizen
  • Must have a minimum of 3 years of experience
  • Must hold a minimum of two active certifications from the list below

Cyber Risk Management Analyst Job Description:

Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks.

Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization’s security posture.

Key Requirements:

  • Expertise in GRC methodologies, third-party risk management (TPRM), and federal compliance (NIST SP 800-53, 800-37). Skilled in Risk Register tracking and maintenance, performing Security Impact Analyses, managing the POA&M lifecycle, and developing security awareness content to mitigate human-centric risks.
  • Risk Identification & Quantification: Lead enterprise-wide risk assessments using GRC methodologies to identify, evaluate, and prioritize risks, translating technical vulnerabilities into business impact for stakeholders.
  • Regulatory & Framework Alignment: Ensure ongoing compliance with federal frameworks, including NIST SP 800-53 and 800-37 (RMF), through periodic audits and Security Impact Analyses for new and existing system interconnections.
  • Strategic POA&M & Risk Register Oversight: Maintain and manage the enterprise Risk Register, tracking key cyber risks and overseeing the full lifecycle of Plans of Action and Milestones (POA&M), ensuring findings are documented, validated, and remediated within defined SLAs.
  • Key Cyber Risk Tracking: Continuously monitor and report critical cyber risks, using risk dashboards and metrics to provide actionable insights to leadership and maintain enterprise risk posture.
  • Human-Centric Risk & Awareness: Design and implement security awareness programs and phishing simulations (e.g., KnowBe4, Proofpoint) to reduce social engineering risks and strengthen organizational security culture.
  • Technical Remediation Partnership: Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails and prioritize remediation activities based on risk impact.
  • Advanced Risk Analytics & Visualization: Leverage GRC platforms (Archer, ServiceNow) and tools like Power BI and Excel to generate automated risk metrics, heat maps, and executive-level security posture reports.

Required Experience: 3+ years

Minimum of Two Certifications: CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC.

Technology Experience: GRC Platforms (Archer/ServiceNow), TPRM Tools (OneTrust/Prevalent), Awareness Platforms (KnowBe4/Proofpoint), MS Power BI, Excel (Advanced), and JIRA.

Pay: $153,000.00 - $176,000.00 per year

Benefits

  • 401(k)
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Vision insurance

Work Location: In person

Skills & Requirements

Technical Skills

  • GRC
  • TPRM
  • NIST 800-53
  • FISMA
  • Archer
  • ServiceNow
  • OneTrust
  • Prevalent
  • KnowBe4
  • Proofpoint
  • Power BI
  • Excel
  • Communication
  • Problem-solving
  • Collaboration
  • CISA
  • CRISC
  • CGEIT
  • CISSP
  • Security+
  • CCSK
  • CGRC

Salary

$153,000 - $176,000 per year

Employment Type

Full time

Level

Mid

Posted

5/4/2026
