Sr Cybersecurity Risk Specialist

Lafayette, CO | Remote, Hybrid | Contract | Job ID 70728 | Posted Jun 20, 2025
JOB DESCRIPTION

*Completed 4-year degree (no exceptions)
*Background/drug check required

We are seeking a detail-oriented and analytical Cybersecurity Risk Specialist to join our growing risk management team. This role will support the Cybersecurity Risk Manager in executing a wide range of risk-related responsibilities, including conducting cybersecurity risk assessments, performing regulatory compliance assessments, and assisting with overall risk governance activities. The ideal candidate will have a solid understanding of information security principles and risk management frameworks, coupled with the ability to analyze and communicate technical and regulatory risks effectively.

Key Responsibilities:

Risk Assessments:
Conduct cybersecurity risk assessments for systems, applications, and projects.
Identify and evaluate security risks and controls, and document findings and recommendations.
Track mitigation plans and work with stakeholders to ensure timely remediation of identified risks.
Consult with key stakeholders on identifying compensating controls, exception requests, and remediation efforts.

Regulatory Assessments:
Assist with the evaluation of organizational compliance with cybersecurity-related regulatory and industry standards (e.g., NIST, ISO 27001, CIS, HIPAA, PCI DSS, etc.).
Collect and analyze evidence to support audit and regulatory requests.
Consult on the preparation of internal and external audit responses.

Risk Governance and Reporting:
Contribute to risk reporting and dashboards for senior leadership and risk committees.
Maintain and update risk registers and assessment documentation.
Assist in developing and improving risk management processes, templates, and tools.

Collaboration and Communication:
Work closely with IT, compliance, legal, and business units to understand and assess risk.
Provide input into cybersecurity policies, standards, and procedures.
Promote awareness of cybersecurity risk management practices throughout the organization.

Qualifications:

Required:
3+ years of experience in cybersecurity, IT risk management, or audit.
Familiarity with risk assessment methodologies and information security frameworks (e.g., NIST CSF, ISO 27001).
Can read/interpret technical diagrams to determine risk.
Solid collaboration and facilitation skills to drive stakeholders to solve problems.
Good critical thinking capabilities.
Strong analytical, organizational, and documentation skills.
Excellent communication skills, both verbal and written.

Preferred:
Relevant certifications (e.g., CRISC, CISSP, CISA, Security+).
Experience with risk management tools or GRC platforms, specifically LogicGate.
Understanding of regulatory requirements (e.g., GDPR, HIPAA, SOX).

Horizontal is proud to be an Equal Opportunity and Affirmative Action Employer. 

We seek to provide employment opportunities to talented, qualified candidates regardless of race, color, sex/gender including gender identity and/or expression, national origin, religion, sexual orientation, disability, marital status, citizen status, veteran status, or any other protected classification under federal, state or local law.

In addition, Horizontal will provide reasonable accommodations for qualified individuals with disabilities. If you need to request a reasonable accommodation in order to complete the application or interview process, please contact us.

All applicants applying must be legally authorized to work in the country of employment.