Senior Cyber Risk Analyst

Cyber Risk Register Management & Program Intake

• Own the Risk Lifecycle:
  Serve as the primary owner for the “care and feeding” of the Cyber Risk Register, overseeing the end-to-end lifecycle of cybersecurity risks, including identification, logging, analysis, treatment tracking, and closure.
• Risk Quantification & Scoring:
  Apply standardized risk assessment methodologies to accurately calculate risk impact/severity, likelihood/occurence, and controls/detectability, ensuring risks are prioritized effectively.
• Executive Reporting & Enterprise Alignment:
  Develop and maintain intuitive risk dashboards and Key Risk Indicators (KRIs). Provide clear, data-driven reports to the Director of Data Security, the CISO, and executive leadership regarding our current risk posture and remediation progress.
• ERM Integration:
  Actively support the broader Enterprise Risk Management (ERM) program by translating technical cyber risks into business impacts, ensuring seamless reporting to ERM leadership.
• M&A Due Diligence:
  Provide technical expertise during Mergers and Acquisitions (M&A). Conduct pre-acquisition security risk analyses and ensure post-acquisition inherited risks are properly ingested into the Cyber Risk Register and tracked to remediation.
• Global Compliance Support:
  Coordinate with Technology, Legal, and Security teams to ensure risk mitigation efforts align with required regulatory standards (e.g., HIPAA, HITRUST, GDPR, ISO
  27001).

• Experience:
  
  5+ years of technical experience in information security, risk management, or GRC within the technology, AI, or healthcare industries.
• Domain Expertise:
  Deep understanding of cybersecurity principles, threat landscapes, and control frameworks (e.g., NIST CSF, NIST
  800‑53, ISO
  27001, HITRUST).
• Risk Management Mastery:
  Proven track record of building, maintaining, or heavily contributing to a Cyber Risk Register. Experience with risk quantification methodologies and leading GRC platforms (e.g., Service Now GRC, RSAArcher, Audit Board, or similar).
• Project & Stakeholder Management:
  Exceptional ability to manage multiple concurrent programs, working proactively to align multi-disciplinary stakeholders toward secure outcomes.
• Communication
  
  Skills:
  
  Excellent written and verbal communication skills.
• Translator Ability:
  You must possess the unique ability to act as a “translator” of risk—taking complex technical vulnerabilities and clearly articulating the business risk to diverse teams of biologists, medical professionals, engineers, operators, and data scientists.

• Salary: CHI: $110,000‑$130,000 (location-based)
• Potential incentive compensation and restricted stock units.
• Medical and other benefits depending on the position.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

#LI-HR1 #LI-Hybrid