Description

Required Skills

5+ years in cyber risk, IT risk, or information security risk (consulting or Big 4 experience preferred)

Strong communication and presentation skills with ability to engage senior leadership

Ability to translate technical concepts into business risk language

Experience managing risk registers and tracking remediation activities

Technical understanding of systems, controls, and risk scenarios

Proactive, organized, and able to anticipate stakeholder needs

Experience contributing to risk program design or process improvement

Nice-to-Have Skills

Qualitative risk analysis methodologies in cybersecurity or IT environments

FAIR (Factor Analysis of Information Risk)

ISO 27001, NIST, or similar frameworks

ServiceNow IRM or similar GRC platforms

Job Description

Facilitate risk acceptance and awareness discussions with senior leadership; translate technical risks into business terms

Develop executive-ready presentations and proactively anticipate leadership questions and data needs

Maintain and track the cyber risk register, including follow-up on remediation actions and acceptance decisions

Perform qualitative risk analysis (likelihood and impact) using scenario-based models

Evaluate control effectiveness and compensating controls; provide risk-based recommendations

Support and contribute to the design and improvement of the cyber risk management program and associated processes

Required Education

Option 1: Bachelor's degree with 5+ years of experience in this capacity

Option 2: No degree with a minimum of 7+ years of experience in this capacity

Key Skills

Education

Bachelor's degree