Our client, a prominent player in the insurance sector, is looking for a seasoned Lead Cyber Risk Analyst to join their expanding team. This role is critical in assessing, mitigating, and monitoring cyber threats and vulnerabilities that could impact the company's operations and client data. You will be responsible for developing and implementing comprehensive cybersecurity risk management strategies, frameworks, and policies. This hybrid role requires a candidate who can balance remote work flexibility with periodic in-office collaboration in **Washington, D.C., US**.
Key responsibilities include conducting thorough risk assessments, performing vulnerability scans, analyzing security incidents, and developing remediation plans. You will also be instrumental in ensuring compliance with relevant regulations and industry best practices. The Lead Cyber Risk Analyst will mentor junior team members, manage security projects, and provide expert guidance to stakeholders across the organization. Strong communication and analytical skills are essential for translating complex technical findings into actionable business recommendations.
We are seeking an individual with a proven track record in cybersecurity risk management, threat intelligence, and incident response. Experience with GRC tools and security frameworks such as NIST and ISO 27001, along with a deep understanding of cloud security (AWS, Azure, GCP), is highly desirable. The successful candidate will be adept at identifying emerging cyber threats and proactively adapting security measures to protect the organization's digital assets. A Bachelor's degree in Computer Science, Information Security, or a related field is required, along with at least 5 years of relevant experience. Professional certifications such as CISSP, CISM, or CRISC are a significant advantage.
Responsibilities:
- Develop and implement cybersecurity risk management strategies and frameworks.
- Conduct comprehensive risk assessments, vulnerability analyses, and penetration testing oversight.
- Monitor threat intelligence feeds and analyze security incidents to identify potential risks.
- Design and implement security controls and mitigation strategies.
- Ensure compliance with regulatory requirements and industry standards (e.g., GDPR, CCPA, HIPAA).
- Develop and maintain cybersecurity policies, procedures, and standards.
- Manage security awareness training programs for employees.
- Mentor and guide junior security analysts.
- Collaborate with IT and business units to integrate security into all aspects of the organization.
- Prepare regular reports on cyber risk posture for senior management.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 5+ years of experience in cybersecurity risk management.
- Strong knowledge of security frameworks (NIST, ISO 27001) and compliance regulations.
- Experience with GRC tools and security monitoring solutions.
- Proficiency in cloud security principles (AWS, Azure, GCP).
- Excellent analytical, problem-solving, and communication skills.
- CISSP, CISM, or CRISC certification is highly preferred.

Join our client and play a vital role in safeguarding their digital future.
FULL TIME
lead
4/13/2026