Senior Analyst, Cybersecurity​/IT Control Design and Monitoring

Location: New York

## Senior Analyst – Cyber Risk & Control Monitoring Apply remote type:
Hybrid - In office 3 days per week locations:
New Yorktime type:
Full time posted on:
Posted Yesterday job requisition :
R
** Senior Analyst – Cyber Risk & Control Monitoring
**** Position Summary
** Do you want to be part of a collaborative Cybersecurity Governance team? Are you a problem solver who enjoys diving into security risk, translating complex technical concepts for business partners, and driving meaningful risk reduction across the enterprise?

As a Senior Analyst, Cybersecurity Continuous Control Monitoring (CCM), you will contribute to an enterprise-wide program that provides ongoing assurance that key cybersecurity and technology controls are operating effectively. You will translate control requirements into measurable tests and monitoring, partner with control owners to investigate control failures, and drive remediation through to closure. You will continuously seek out opportunities to improve controls including through automation and AI.  

You may also help to proactively identify risks and gaps and design controls to address them working in collaboration with process owners, risk and internal audit subject matter experts.

This role strengthens audit and regulatory readiness by producing timely, accurate, and repeatable evidence and reporting that supports risk-based decision-making.
** You are
*** Passionate about improving control effectiveness through measurable, repeatable monitoring and testing
* Driven to simplify ambiguity, establish operational cadence, and deliver outcomes without constant direction
* Detail-oriented with a strong quality bar for evidence, documentation, and data integrity
* Organized and flexible in managing multiple control domains, stakeholders, and deadlines
* An excellent communicator who can explain control expectations, test results, and remediation requirements in business-relevant terms
* Collaborative and comfortable influencing control owners, engineers, and leaders to drive timely risk reduction
* Analytical, with the ability to interpret logs, reports, and datasets to identify trends and control breakdowns
** Required qualifications
*** Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a related field (or equivalent experience)
* 5+ years of experience in information security, technology risk, control testing/assurance, audit, or GRC
* Hands-on experience coordinating audits/assessments (internal audit, external audit, or customer assurance), including evidence collection and narrative responses
* Experience managing risk/issue registers and driving remediation tracking (owners, due dates, evidence of closure, and risk acceptance)
* Strong written and verbal communication skills, including the ability to produce executive-ready summaries and action-oriented reporting
** Preferred qualifications
*** Experience designing and executing control tests (design and operating effectiveness) and documenting test procedures/results
* Strong understanding of control frameworks and regulatory expectations (e.g., NIST CSF/800-53, MAR, SOC 2, NYDFS, etc.)
* Experience building dashboards/metrics and presenting control health trends, key risks, and recommended actions
* Experience working with public cloud platforms (AWS, Azure, GCP) and validating control evidence (e.g., IAM, logging, encryption, configuration baselines)
* Familiarity with CCM/monitoring tooling and data sources
* Relevant certifications (e.g., CISSP, CISA, CRISC, Security+, CCSP) or demonstrated progress toward one
** You will:
**** Continuous Control Monitoring
*** Contribute to the implementation and day-to-day operation of the continuous control monitoring (CCM) program, including control scope, design, improvement, and monitoring cadence, thresholds, and escalation paths
* Monitor control health metrics and risk indicators (KPIs/KRIs) to proactively detect control degradation and configuration drift
* Partner with control owners to validate control performance, investigate exceptions, and document root cause and corrective actions
* Leverage automation and tooling to enhance near-real-time…