Risk Analyst

Arlington, Virginia

Local Only

Full Time

$90k - $140k

Risk Analyst

The Risk Analyst is responsible for ensuring that the firm assesses risk in a consistent manner, and for sustaining a culture of risk awareness. Reporting to the Director of Risk Operations, the Risk Analyst operates a focused, thematic risk and control program for assessing cyber, technology and operational risks rigorously, registering and tracking issues to completion, and reporting these issues to the CISO and other stakeholders. The Risk Analyst also implements the firm’s security awareness and training program. This role requires hands-on, collaborative work with stakeholders and IT implementers.

The company is located in Washington, DC. And the position will be a hybrid model. The candidate must be local to the D.C. Metro Area.

What You Will Be Doing:
  • Defines, documents, and manages the firm’s Risk Management program, including processes for identifying, categorizing, assessing, and registering risks; assigning owners; determining dispositions; and tracking issues to completion.
  • Tiers, assesses and monitors risks associated with vendors.
  • Manage vendor risk program. Review assessment alongside SOC 2 reports and ISO certs. Confirm vendors controls and advise on any gaps.
  • Research security controls and translate to actionable insights and strategy.
  • Defines, documents, and manages the firm’s Security Awareness and Training program, ensuring that training content is up to date, fit-for-purpose, and consistently delivered.
  • Regularly reports on program progress to the CISO and other senior stakeholders as appropriate, using defined Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to highlight control adoption gaps, identify areas of strong or weak performance, or quantify risks, respectively.
  • Perform other duties as assigned.
Required Skills & Experience:
  • Bachelor's degree in Computer Science or Engineering preferred; advanced degree and CISSP certification preferred.
  • Requires 5+ years' experience in cybersecurity, conducting technology audits, and third party security risk assessments.
  • Strong working proficiency using risk assessment software such as ServiceNow, Archer, IBM® OpenPages® or C2C MyRiskAssessor; and/or using security learning and training software such as Proofpoint, Skillsoft or KnowBe4.
  • Superior time-management skills, relentless follow-through, and metronome[1]like, consistent delivery.
  • Effective written and oral communications skills.
  • Big 4 experience preferred.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.

Posted by: Ashton Corbett