Risk and Governance Analyst

The Risk and Governance Analyst collaborates with various business groups to identify, measure, manage, and report organizational and enterprise risks. This role leverages expertise in both cyber and physical security to recommend effective mitigations and enhance the overall security posture of the company.

Key Responsibilities

• Conduct comprehensive risk assessments for cyber and physical security threats.
• Participate in developing and maintaining formal security policies, procedures, and methodologies for information systems and IT/OT infrastructure.
• Identify, document, and report security risks and exposures.
• Evaluate system architectures and recommend security control designs to strengthen defenses.
• Prepare detailed security analysis and findings reports.
• Collect and analyze historical system access data and generate reports.
• Coordinate resolution of issues recorded in the risk register.
• Stay current with application system technologies/products and recommend tactical and strategic upgrades.
• Support complex application systems and business processes.
• Develop and deliver security training and awareness programs.
• Coordinate internal and third-party audits.
• Prepare reports and presentations for senior management and stakeholders.
• Participate in governance teams to interpret business issues and recommend best practices.
• Suggest improvements to business processes supported by application systems.
• Perform additional duties as assigned.

• Working knowledge of security procedures for information systems and IT/OT infrastructure.
• Understanding of hardware, software, networks, operating systems, databases, and applications.
• Deep knowledge of System/Solution Delivery Lifecycle (SDLC).
• Familiarity with governance frameworks such as SOX, NIST, NERC, COBIT, ITIL, ISO.
• Proven ability to develop effective presentations and briefings for all organizational levels.
• Experience in risk assessments, application security, control design, vulnerability assessments, or penetration testing.
• Excellent verbal and written communication skills.
• Strong leadership, analytical, and problem-solving skills.
• Ability to work collaboratively in a fast-paced team environment.
• Skilled in investigating and analyzing information to draw conclusions.
• Ability to plan, implement, test, and troubleshoot system software.
• Ability to communicate technical guidance to users.

• Bachelor’s Degree OR 8 years of directly related experience.
• Minimum 4 years in risk management, governance, or security roles.

• CISSP, CISM, or CRISC certifications are desired.

• Office environment with extensive computer use.
• Ability to work outside normal hours to meet deadlines and support needs.

Cell phone
* This field is required Please enter valid cell phone.

First Name
* This field is required Please enter valid first name.

Last Name
* This field is required Please enter valid last name.