Job Title: Cyber Risk Management Analyst
Company: Paragon IT Professionals
Location: Brooklyn, NY
Created: 2026-05-08
Job Type: Full Time
Job Description:
Location: Hybrid - Brooklyn, NY
Duration: 2-year contract (+ potential 2-year extension)

Overview

We are seeking an experienced Cybersecurity GRC Analyst to support a large-scale, multi-year initiative focused on enterprise risk management, compliance, and security awareness. This is a key personnel role requiring strong expertise in federal security frameworks and governance practices.

Key Responsibilities

- Lead enterprise-wide risk assessments to identify, evaluate, and prioritize cybersecurity risks
- Ensure compliance with NIST SP 800-53 and NIST SP 800-37 (RMF) through audits and Security Impact Analyses
- Maintain and manage the enterprise Risk Register and oversee the full POA&M lifecycle
- Monitor and report cyber risks using dashboards, metrics, and executive-level reporting
- Design and deliver security awareness programs, including phishing simulations
- Collaborate with Cybersecurity Engineers and Business Analysts to define compliance controls and remediation priorities
- Develop automated reporting, including risk heat maps and security posture insights

Required Qualifications

- 3+ years of experience in cybersecurity, risk, or GRC roles
- Strong knowledge of GRC methodologies, TPRM, and federal compliance frameworks (FISMA, NIST)
- Experience with risk tracking, POA&M management, and security assessments
- Hands-on experience with security awareness program development

Required Certifications (One of the Following)

- CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC

Technical Skills

- GRC Platforms (e.g., Archer, ServiceNow)
- TPRM Tools (e.g., OneTrust, Prevalent)
- Security Awareness Platforms (e.g., KnowBe4, Proofpoint)
- Microsoft Power BI, Advanced Excel
- JIRA