IT CYBER SECURITY RISK ANALYST - 2025-5219

The Cybersecurity Risk Analyst is a key member of the Digital & IT team, helping drive a culture of cybersecurity, improve risk posture, and enhance user-focused security practices across the enterprise.
This individual will serve as a backup to the Security Engineer(s), assisting with incident response, employee support, and cybersecurity projects. They will lead efforts to improve employee cybersecurity awareness, champion a Zero Trust approach to access and identity management, and help ensure business continuity and disaster recovery plans are in place, tested, and improved over time.
This role blends hands-on technical support with program management and education, making it ideal for someone who is both people-oriented and detail-driven.

Essential Job Functions                                                                

Security Operations Support

• Act as a secondary resource for daily security monitoring, incident response, and vulnerability remediation.
• Assist in configuring and managing tools related to endpoint protection, logging, email security, and access control.
• Help execute security-related projects, such as patching programs, encryption rollouts, and policy enforcement.

Access Management & Zero Trust Initiatives

• Help assess and improve identity and access management practices across systems.
• Partner with IT teams to implement role-based access controls and Just-In-Time access principles.
• Lead projects and process design supporting Zero Trust architecture, especially for remote access and SaaS tools.
• Participate in account reviews and privilege audits to ensure appropriate access levels.

Cybersecurity Awareness & Culture

• Develop and lead training and awareness campaigns to reduce employee-related cyber risk.
• Manage phishing simulation programs and track effectiveness.
• Deliver cybersecurity onboarding for new employees and ongoing training for all staff.
• Serve as the go-to contact for employee questions related to phishing, passwords, or safe technology use.

Risk Management & Resilience

• Own the development and maintenance of Business Continuity and Disaster Recovery plans.
• Facilitate tabletop exercises and capture lessons learned to enhance resilience.
• Collaborate with IT and business leaders to identify and reduce operational risk.
• Contribute to regulatory, insurance, and customer security documentation as needed.

Governance, Policy, and Metrics

• Assist in drafting and maintaining cybersecurity policies and procedures.
• Track and report on training compliance, incidents, and risk KPIs.
• Stay current on emerging cyber threats and security trends, providing proactive recommendations.
• Coordinate with external vendors (e.g., MDR, IAM, phishing) and internal teams to support tool effectiveness and projects.

Minimum Requirements, Education & Experience (incl. KSA’s and certifications)

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field
• 2+ years in IT or cybersecurity roles, ideally with experience in user support, IAM, or risk management
• Excellent communication and teaching skills; comfortable presenting to technical and non-technical audiences
• Familiarity with Zero Trust concepts and tools (e.g., MFA, identity providers, conditional access)
• Working knowledge of phishing, endpoint protection, and threat mitigation techniques
• Strong organizational and documentation skills

Desirable Criteria & Qualifications

• Security certifications (e.g., Security+, SSAP, GSEC, or similar)
• Experience with identity & access management tools (e.g., Azure AD, Okta, Duo, etc.)
• Experience managing phishing simulation platforms (Mimecast, KnowBe4)
• Familiarity with business continuity planning and disaster recovery best practices
• Experience conducting or facilitating tabletop exercises
• Exposure to NIST, ISO 27001, or CIS Controls frameworks
• Manufacturing, regulated industry, or multi-site IT experience