Cyber Risk Analyst

Job Title: IT Risk Analyst

Location: Preferred hybrid in Cincinnati, OH or remote within 30 minutes of a hub city

Job Type: Full-Time

About The Company

Our client is committed to building a secure and risk-aware culture across the enterprise. We proactively identify, assess, and manage IT risks to align with our organizational goals and maintain compliance with industry standards. Join a collaborative and forward-thinking environment where your expertise will contribute directly to safeguarding enterprise operations.

Job Summary

The IT Risk Analyst supports the IT Risk Management practice by performing assessments of potential risk exposures and preparing actionable reporting. The ideal candidate will manage cyber risk assessments, evaluate operational controls, and communicate risk scenarios to management. This role offers autonomy to shape the risk program while fostering strong partnerships with internal stakeholders to promote a risk-first culture and enhance enterprise-wide compliance.

Key Responsibilities

• Cyber Risk Assessments: Manage and conduct cyber risk assessments, evaluating alignment with operational controls and risk treatment needs.
• Threat and Risk Scenario Analysis: Frame, update, and analyze threat scenarios to inform cyber risk management practices.
• Risk Communication: Effectively communicate cyber risk to management, stakeholders, and employees.
• Risk Dashboards and Reporting: Develop comprehensive dashboards and reports based on complex risk, process, and control relationships.
• Risk Appetite and Treatment: Assess and update risk appetites for lines of business (LOB) and evaluate treatment options, facilitating informed decisions.
• Compliance and Audits: Support internal/external audits and regulatory exams, ensuring robust risk management oversight.
• Training and Culture Building: Train employees on cyber risk awareness and foster a risk-first organizational culture.
  
  

Requirements

Education and Certifications:

• Bachelor’s degree in a related field.
• Certifications preferred: CISSP, CISA, or CRISC.
  
  

Experience

• 5-10 years of experience in governance, risk, and compliance, with a focus on cyber risk management.
• Proficiency in compliance management software (e.g., Archer, ServiceNow, MetricStream).
  
  

Skills

• In-depth understanding of regulatory frameworks and industry compliance standards.
• Strong analytical and problem-solving skills with attention to detail.
• Proficiency in managing and communicating risk to technical and non-technical audiences.
• Familiarity with cyber security frameworks, such as NIST-CSF.
• Ability to develop standards for legal compliance and implement process improvements.
  
  

Soft Skills

• Exceptional communication skills, both written and verbal.
• Strong organizational and strategic planning capabilities.
• Willingness to engage in detailed, repetitive tasks while maintaining accuracy and focus.
  
  

Preferred Qualifications

• Experience with risk scoring and adjustment methodologies.
• Familiarity with process improvement methodologies and quality management.
  
  

Work Environment

• Location: Preferred in-office at BTC; remote candidates within 30 minutes of a hub city considered.
• Travel: Occasional onsite visits, approximately once per quarter.
• Physical Demands: Regular sitting, typing, and handling office equipment; occasional lifting up to 10 pounds.
  
  

Benefits

• Comprehensive health, dental, and vision insurance.
• Generous paid time off and flexible work schedules.
• Access to professional development and training programs.