Senior Cyber Risk Analyst
We are seeking a Senior Analyst with a robust background in cybersecurity risk assessment and internal security audits, complemented by broad technical expertise across modern IT environments. This role requires a deep understanding of desktops, mobile devices, networks, operating systems, and cloud services, as well as the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders. The ideal candidate will possess advanced analytical skills, relevant certifications, and experience working cross-functionally—including direct client engagement—to support regulatory and business objectives.
Primary Responsibilities
* Conduct comprehensive risk assessments of information systems, applications, business processes, and underlying technical infrastructure—including desktops, phones, network devices, operating systems (Windows, macOS, Linux), and cloud platforms (AWS, Azure, GCP).
* Collaborate closely with compliance, legal, IT, business stakeholders, and external clients to understand operational requirements, regulatory obligations, and risk tolerance.
* Serve as a technical point of contact for clients, addressing and managing their technical requirements, security concerns, and risk management needs.
* Clearly document identified risks and work with stakeholders to propose, evaluate, and track compensating controls that address security gaps when standard controls are not feasible.
* Support and participate in internal security audits, ensuring findings are clearly communicated and remediation plans are actionable and understandable by both technical and non-technical teams.
* Prepare and deliver risk assessment reports and risk register updates to management, clients, and relevant teams, tailoring communication style and technical depth to the audience.
* Monitor the effectiveness of compensating controls and recommend improvements as needed to maintain compliance and reduce residual risk across diverse technical environments.
* Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and evolving enterprise technologies.
* Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements.
Qualifications/Skills Required
* Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
* 5+ years of experience in information security, with a strong focus on risk assessment and/or internal security audits.
* Demonstrated experience working with compliance, legal, business teams, and clients to assess and document security risks and compensating controls.
* Advanced knowledge of risk management frameworks (e.g., NIST, ISO 27001, CIS20) and regulatory requirements relevant to the financial sector.
* Broad technical knowledge spanning desktops, mobile devices, networking, operating systems, and cloud services.
* Proficiency with risk analytics, GRC tools, and security assessment methodologies.
* Exceptional analytical, communication, and report-writing skills, with the ability to translate complex technical issues into clear, actionable recommendations for both technical and non-technical audiences.
Desired Skills
* Experience in the financial services sector or advisory work with a leading consulting firm.
* Familiarity with the design and evaluation of compensating controls in regulated environments.
* Ability to translate technical risks into business impacts and actionable recommendations.
* Experience presenting technical risk findings to executive leadership, clients, and non-technical stakeholders.
* One or more of the following certifications: CISSP, CISA, CompTIA CySA+.
The estimated base salary range for this position is $175,000 to $250,000, which is specific to New York and may change in the future. Millennium pays a total compensation package which includes a base salary, discretionary performance bonus, and a comprehensive benefits package. When finalizing an offer, we take into consideration an individual’s experience level and the qualifications they bring to the role to formulate a competitive total compensation package.