Analyst, Cyber Risk Assessment

Johnson & Johnson
On-site
Raritan, NJ
$79,000 - $127,650 USD yearly
IT

Role Summary

Cyber Security Analyst to join the Information Security & Risk Management (ISRM) team. This role is based in the United States with the Raritan, NJ location preferred.

Responsibilities

  • Perform and lead technical application risk assessments, design reviews, risk rankings, and collaboration on remediation strategies as needed.
  • Perform in-depth reviews of control implementation evidence to assess control sufficiency, operating effectiveness, and any gaps requiring remediation.
  • Communicate cybersecurity risk assessment results to key stakeholders and management and provide input on remediation plans.
  • Enhance cyber risk assessment processes by defining and implementing process improvements.
  • Support the design of cybersecurity controls to ensure proper design implementation and assurance testing.
  • Offer consulting support to the larger cybersecurity team on risk assessment understanding and remediation.

Qualifications

  • Education: A bachelor’s degree in Computer Science, Engineering or Information Security/Cybersecurity or equivalent degree is required. Security certifications such as CISSP, CCSP, CISA, CRISC etc. are preferred.
  • Experience and Skills: 3+ years of direct cybersecurity risk assessment experience, including application of risk assessment/management concepts and internal controls and using a GRC tool to support security risk objectives. Proficiency in conducting and leading application-level risk assessments, including data classification, risk scoring, and mitigation planning. Ability to translate technical findings into business impact for key partners. Strong analytical and problem-solving skills. Strong interpersonal skills to build and maintain relationships with internal partners.
  • Preferred: Experience securing cloud environments and/or SaaS platforms. Understanding of secure software development life cycle (SSDLC), threat modeling, and vulnerability management. Foundational knowledge of regulatory requirements (e.g., SOX404, Privacy, HIPAA, GxP, cyber regulations). Experience with security standards and control frameworks (e.g. FAIR, ISO27001, NIST, SOC 2, OWASP Top 10, CSA STAR, etc.).
