Cybersecurity and Risk Management Analyst

$124,800 - $145,600/Yr

Suna Solutions - San Jose, CA

posted 6 days ago

Full-time - Mid Level
San Jose, CA
Professional, Scientific, and Technical Services

About the position

The Cybersecurity and Risk Management Analyst role focuses on conducting security risk assessments, evaluating control effectiveness, and communicating risks to stakeholders. The position requires collaboration with cross-functional teams to ensure compliance with organizational policies and to maintain a security risk register. The analyst will also contribute to risk aggregation and analysis, develop reports, and enhance the GRC risk assessment program.

Responsibilities

  • Conduct security risk assessments to identify, score, and document potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
  • Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
  • Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
  • Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
  • Maintain security risk register and ensure timely updates of the risk register.
  • Contribute to performing risk aggregation and risk analysis to identify top risks and areas of focus/improvement for prioritization.
  • Contribute to developing detailed reports and presentations on risk assessments, including identified aggregated top risks, risk treatment progress, trending, and escalation.
  • Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.
  • Actively contribute to the administration, maintenance, and process improvements of the GRC risk assessment program.
  • Perform other job duties as required.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in security risk assessment, with a strong background in cybersecurity and risk management.
  • Hands-on working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP.
  • Strong technical knowledge of security controls, including access controls, encryption, network security, and vulnerability management.
  • Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
  • Proven ability to work collaboratively with engineering teams to assess and mitigate security risks.
  • Experience with security risk remediation programs, including technical implementation and compliance considerations.
  • Strong analytical and problem-solving skills, with attention to detail and accuracy.
  • Strong collaboration skills, with experience working cross-functionally with IT, Engineering, and other stakeholders.
  • Excellent communication skills, capable of translating technical concepts into actionable insights for both technical and non-technical stakeholders.
  • Experience in identifying process improvements and enhancing operational efficiencies within security programs.
  • Experience with GRC Risk Management tool including tool implementation.

Nice-to-haves

  • Experience with security assessment tools and methodologies.
  • Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
  • Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.
  • Certifications like PMP, CISSP, or CISM are a plus but not required.

Benefits

  • 401(k)
  • Dental insurance
  • Health insurance
  • Vision insurance

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service