What are the responsibilities and job description for the IT Risk Analyst position at V-Soft Consulting Group, Inc.?
Job Title: IT Risk Analyst
Location: Preferred hybrid in Cincinnati, OH or Remote within 30 minutes of a hub city (Cincinnati)
6-12 Month Contract to hire
Requirements
Education and Certifications:
- Bachelor’s degree in a related field.
- Certifications preferred: CISSP, CISA, or CRISC.
Experience:
- 5-10 years of experience in governance, risk, and compliance, with a focus on cyber risk management.
- Proficiency in compliance management software (e.g., Archer, ServiceNow, MetricStream).
Skills:
- In-depth understanding of regulatory frameworks and industry compliance standards.
- Strong analytical and problem-solving skills with attention to detail.
- Proficiency in managing and communicating risk to technical and non-technical audiences.
- Familiarity with cyber security frameworks, such as NIST-CSF.
- Ability to develop standards for legal compliance and implement process improvements.
Job Summary
The IT Risk Analyst supports the IT Risk Management practice by performing assessments of potential risk exposures and preparing actionable reporting. The ideal candidate will manage cyber risk assessments, evaluate operational controls, and communicate risk scenarios to management. This role offers autonomy to shape the risk program while fostering strong partnerships with internal stakeholders to promote a risk-first culture and enhance enterprise-wide compliance.
Key Responsibilities
- Cyber Risk Assessments: Manage and conduct cyber risk assessments, evaluating alignment with operational controls and risk treatment needs.
- Threat and Risk Scenario Analysis: Frame, update, and analyze threat scenarios to inform cyber risk management practices.
- Risk Communication: Effectively communicate cyber risk to management, stakeholders, and employees.
- Risk Dashboards and Reporting: Develop comprehensive dashboards and reports based on complex risk, process, and control relationships.
- Risk Appetite and Treatment: Assess and update risk appetites for lines of business (LOB) and evaluate treatment options, facilitating informed decisions.
- Compliance and Audits: Support internal/external audits and regulatory exams, ensuring robust risk management oversight.
- Training and Culture Building: Train employees on cyber risk awareness and foster a risk-first organizational culture.