Cybersecurity Risk Analyst

Job Summary:

Heitmeyer has banking client that has a need within their Information Security team for a Cybersecurity Risk Analyst who can perform risk assessments within the environment to identify, assess, track and advise on information security risks. This individual will be part of the 2nd line of defense in securing the information security environment across the firm.

Job Description:

The Cybersecurity Risk Analyst will conduct risk assessments to proactively identify issues while working to manage control exceptions and work with Technology, LOB and Operation partners to address those gaps and work to manage control exceptions while helping to implement compensating and mitigating controls.

Top Required Skills:

• 3 years of experience in information security risk management, preferably within the financial services or banking sector.
• Strong understanding of cybersecurity frameworks (NIST 800-53, NIST-CSF, ISO 27001).
• Hands-on experience with GRC tools, particularly RSA Archer.
• Working knowledge of common security controls, threat landscapes, and IT processes.
• Experience managing security control exceptions, including documentation, analysis, and lifecycle tracking.
• Ability to communicate risk concepts clearly to both technical and non-technical stakeholders.
• Strong interpersonal skills and the ability to collaborate cross-functionally with business and technology stakeholders.
  
  
  

Nice-to-have:

• Information Security Certifications – Security (CompTIA), CISSP, CVA, CIPP, CRISC, CISM, SANS GIAC strongly preferred.
• Background within financial services would be extremely beneficial but not required.
  
  
  

Top Responsibilities:

• Serve as a key second line of defense partner, supporting the enterprise information security risk management program and conducting risk assessments to proactively identify issues.
• Analyze and review security control exceptions, assess risk impact, and support the documentation of compensating and mitigating controls.
• Track exception lifecycles, ensuring timely remediation or re-assessment, and facilitate upper management reviews and escalations as needed.
• Partner with first line technology teams and business units to advise on remediation plans and provide guidance on risk mitigation strategies.
• Facilitate and lead stakeholder meetings to drive the resolution of information security control gaps.
• Ensure GRC platform (e.g., RSA Archer) is used effectively for exception tracking, reporting, and compliance monitoring.
• Conduct periodic risk assessments using frameworks such as NIST, NIST-CSF, ISO 27001, and others as needed.
• Assist in the development of proactive strategies for risk reduction and control maturity improvement.
• Support incident response follow-ups and ensure identified weaknesses are addressed and tracked.
• Collaborate with internal audit, compliance, and enterprise risk management to ensure alignment of risk reporting and remediation activities.
  
  
  

Heitmeyer Consulting is an equal opportunity employer, and we encourage all qualified candidates to apply. Qualified applicants will be considered without regard to minority status, gender, disability, veteran status or any other characteristic protected by law.