Job Title: Senior Cybersecurity Risk Management Analyst
Location: Southfield, Michigan
Job Type: Full-Time
About the Role:
We are currently seeking an experienced Senior Cybersecurity Risk Management Analyst to join our team. In this role, you will be responsible for identifying, managing, and responding to cybersecurity risks, ensuring they are managed within a defined risk tolerance. You will regularly perform cybersecurity risk assessments, monitor and measure risk treatment activities, and produce updated metrics and reports for leadership.
Key Responsibilities:
- Perform cybersecurity risk assessments to identify risks, provide remediation recommendations, and facilitate risk treatment.
- Assist in identifying, monitoring, reporting, and responding to cybersecurity risks through the development of action plans to manage risks within acceptable tolerance levels.
- Communicate identified risks to stakeholders, including working with the business to determine whether to accept, remediate, or mitigate identified risks.
- Facilitate the development of action plans to manage risk within acceptable risk tolerance levels.
- Review risk management processes periodically for effectiveness and conduct cybersecurity risk assessments regularly.
- Assist cybersecurity and management with defining acceptable risk tolerance levels.
- Provide guidance to key stakeholders in the development and implementation of risk treatment plans based on risk acceptance criteria.
- Monitor and measure risk treatment activities and document metrics and reporting.
Qualifications:
- 5+ years of experience consulting or working in Cybersecurity and/or IT risk management.
- Bachelor's degree or equivalent industry experience; post-graduate degree is a plus.
- Strong understanding of information security risk management and risk assessment frameworks, processes, and risk rating levels.
- Experience performing security risk assessments utilizing established industry frameworks (ISO, NIST, etc.).
- Competency in cybersecurity frameworks including ISO 27001, NIST CSF, NIST 800-53, and PCI.
- Certified in one or more of the following: CRISC, CISA, CISM, CISSP, SANS GIAC Security Certifications, etc.
- Ability to communicate and present security risks concisely and effectively based on the appropriate level of management and stakeholder groups.
- Ability to work well in a demanding, dynamic environment, and meet overall objectives.
- Preferred: Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel.
- Automobile and/or manufacturing industry experience is a plus.
