Sr. Analyst, Cyber Risk Governance & Reporting

Job Overview

Senior Risk Governance and Reporting Technology Analyst reports to the Information Security and Technology Risk department, supporting the technology team to document, report, and track findings derived from risk-based discussions across the organization.

The role ensures leaders maintain clear, actionable, and forward-looking visibility into risk priorities based on information security policies, controls, audits, and regulatory requirements.

• Build strong relationships and engage frequently with technology and business leaders to align on risk priorities and drive accountability.
• Coordinate day-to-day governance activities required to deliver secure, resilient, and compliant technology solutions on time.
• Act as a liaison among Information Security, Enterprise Risk Management, Corporate Compliance, and Audit teams as required.
• Maintain knowledge of current and emerging technologies, including cloud, AI/ML, and automation, to assess and contextualize risk.
• Promote awareness of current security policies and standards, providing consistent interpretation and guidance.
• Schedule, coordinate, and/or facilitate meetings, capturing key decisions, risks, and action items with a focus on outcomes and accountability.
• Track scheduled activities, milestones, and metrics, delivering executive-level reporting that highlights risk exposure, trends, business impact, and remediation progress.
• Develop and enhance dashboards (e.g., CISO and related reporting) using modern visualization tools to provide real‑time or near‑real‑time insights into cybersecurity posture.
• Leverage data analytics and AI‑driven capabilities to improve risk identification, prioritization, and reporting, including trend analysis and anomaly detection.
• Work collaboratively across teams to document, report, and track findings and risks impacting applications, products, services, and tools.
• Develop and manage remediation plans, including scope definition, success criteria, milestones, deliverables, and evidence of risk mitigation.
• Contribute to evolving reporting from static metrics to actionable insights, including risk quantification and business impact alignment.

• 4+ years of experience in information security, technology risk, governance, or audit‑related roles.
• 1+ year of cyber security risk assessments.

• Strong analytical skills with the ability to interpret data and translate it into meaningful risk insights.
• Effective communication and interpersonal skills; self‑motivated with willingness to take on challenges and adapt to change.
• Excellent organizational, time management, and prioritization skills with strong attention to detail and ability to manage multiple tasks.
• Ability to interface effectively with all levels of staff and management, including executive stakeholders.
• Understanding of cybersecurity principles, frameworks, and best practices (e.g., NIST, ISO, or similar).
• Ability to work independently while contributing to team deliverables in a fast‑paced environment.

• Bachelor’s Degree in Information Systems or related field.
• Familiarity with data visualization tools (e.g., Power BI, Tableau) and interest in AI‑enabled reporting or automation tools.
• Experience with attestation engagements (Sarbanes‑Oxley, NYDFS, SOC1 or SOC2, etc.).

$92,906.00 – $

Principals only. EOE.