Cyber Risk Management Analyst

Paragon IT Professionals
Brooklyn, NY

Location: Hybrid – Brooklyn, NY

Duration: 2-year contract (+ potential 2-year extension)


Overview

We are seeking an experienced Cybersecurity GRC Analyst to support a large-scale, multi-year initiative focused on enterprise risk management, compliance, and security awareness. This is a key personnel role requiring strong expertise in federal security frameworks and governance practices.

Key Responsibilities

  • Lead enterprise-wide risk assessments to identify, evaluate, and prioritize cybersecurity risks
  • Ensure compliance with NIST SP 800-53 and NIST SP 800-37 (RMF) through audits and Security Impact Analyses
  • Maintain and manage the enterprise Risk Register and oversee the full POA&M lifecycle
  • Monitor and report cyber risks using dashboards, metrics, and executive-level reporting
  • Design and deliver security awareness programs, including phishing simulations
  • Collaborate with Cybersecurity Engineers and Business Analysts to define compliance controls and remediation priorities
  • Develop automated reporting, including risk heat maps and security posture insights

Required Qualifications

  • 3+ years of experience in cybersecurity, risk, or GRC roles
  • Strong knowledge of GRC methodologies, TPRM, and federal compliance frameworks (FISMA, NIST)
  • Experience with risk tracking, POA&M management, and security assessments
  • Hands-on experience with security awareness program development

Required Certifications (One of the Following)

  • CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC

Technical Skills

  • GRC Platforms (e.g., Archer, ServiceNow)
  • TPRM Tools (e.g., OneTrust, Prevalent)
  • Security Awareness Platforms (e.g., KnowBe4, Proofpoint)
  • Microsoft Power BI, Advanced Excel
  • JIRA
