Risk Analyst - Information Security

5 Years + • Cyber Security • $77,400 PA - $110,300 PA

Job Summary

Job Description

As a Cybersecurity Risk Analyst within the Information Security Assurance (ISA) team, you will design, implement, and operate a strategic Risk Management program to protect the organization and its stakeholders. This role involves leading comprehensive risk assessments, identifying threats, and developing mitigation strategies. You will collaborate across departments to embed risk practices, drive governance, and foster a risk-aware culture. The ideal candidate will continuously evaluate and streamline risk management processes, ensuring effective remediation and adaptation to emerging threats, balancing risk with business objectives.
Must have:
  • Bachelor’s degree in Business, Technology, Cyber Security, Technology Risk Management or related field.
  • 5+ years' experience within IT operations, security, or risk management.
  • Strong analytical and problem-solving skills.
  • Strong interpersonal skills.
  • Knowledge of industry Risk management frameworks.
  • Knowledge of common mitigation practices.
  • Knowledge of organizational control management.
  • Demonstrate professional skepticism.
  • Understanding of business processes, internal risk management strategies, and IT controls.
  • Proficiency in process formulation and improvement.
  • Knowledge of operational security capabilities including access control and network security.
  • Knowledge of secure configuration and vulnerability management.
  • Knowledge of intrusion detection, security monitoring, and incident response.
  • Experience with internal and regulatory auditors.
  • Proven solid written and oral communication skills.
Key responsibilities:
  • Design and implement a comprehensive risk management framework.
  • Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems.
  • Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation.
  • Create risk reporting structures and dashboards for effective communication to stakeholders.
  • Continuously evaluate and streamline risk management processes to improve efficiency.
  • Lead and conduct comprehensive risk assessments to identify, prioritize, and quantify security threats.
  • Utilize risk analysis methodologies and tools to assess existing security controls.
  • Provide expert guidance on risk mitigation strategies and control implementation.
  • Develop risk management methodologies tailored to the organization’s specific risk profile.
  • Collaborate with stakeholders to establish risk tolerance levels and develop mitigation plans.
  • Develop remediation plans based on risk assessment findings, prioritizing critical vulnerabilities.
  • Work closely with stakeholders to implement security controls and measures for remediation.
  • Monitor remediation progress and provide regular updates to management.
  • Conduct post-remediation reviews to validate effectiveness and identify residual risks.
  • Drive clear, concise, pragmatic outcomes balancing risk with business objectives.
  • Foster a culture of accountability for information security.
  • Promote open communication channels for reporting concerns and potential risks.
  • Establish channels for risk reporting and feedback from employees.
  • Establish metrics and KPIs to measure risk management program effectiveness.
  • Regularly review and update the risk management framework for emerging threats.
  • Stay informed on industry best practices and regulatory changes.
  • Foster partnerships with internal and external stakeholders to evolve capabilities.
  • Be curious about the business and seek to understand.
  • Bring new ideas, methods, and approaches to this role.
  • Leverage expertise to challenge the status quo and drive decisions.
Good to have:
  • ISO 27001 knowledge
  • NIST CSF knowledge
  • Governance and Risk Certification (CRISC, CISM, CISA, or CISSP)
Perks:
  • Health benefits
  • Welfare benefits
  • Retirement benefits
  • Annual bonus (if eligible)
  • Hybrid work schedule

Job Details

It’s not just about your career or job title…

It’s about who you are and the impact you will make on the world. Because whether it’s for each other or our customers, we put People First. When our people come together, we Expand the Possible and continuously look for ways to improve what we create and how we do it. If you are constantly striving to grow, you’re in good company. We are revolutionizing the way the world moves for future generations, and we want someone who is ready to move with us.

Who will you be working with?

Join Enterprise Information Security (EIS) to drive cybersecurity excellence leveraging intelligence, strategic partnerships, and analysis. Collaborate daily with GRC, Architecture, Operations, and key Information Technology stakeholders to advance our information security capabilities.

How will you make a difference?

The Information Security Assurance (ISA) team is looking for a Cybersecurity Risk Analyst. This role reports to the ISA Sr Manager within EIS and is responsible for designing, building, developing, implementing, and operating a strategic Risk Management program to protect the organization and its stakeholders while supporting our strategic objectives. This role needs a strategic thinker with strong technical expertise, an understanding of common threats, and deep knowledge of risk frameworks. The Risk Analyst will collaborate across departments to embed risk practices into business processes, drive governance, and support informed decision-making. This position plays a critical role in fostering a risk-aware culture across the organization, promoting awareness of security risks and empowering employees to actively contribute to enhancing the organization's risk posture.

What do we want to know about you?

You must have:

  • Bachelor's degree in Business, Technology, Cyber Security, Technology Risk Management or a related field, or equivalent strong hands-on experience
  • 5+ years' experience within IT operations, Security or Risk management
  • Strong analytical and problem-solving skills; ability to decipher and prioritize asks accordingly
  • Strong interpersonal skills.
  • Knowledge of industry risk management frameworks, common mitigation practices, and organizational control management.
  • Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant information security controls.
  • Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together.
  • Demonstrate proficiency in process formulation and improvement.
  • Knowledge of operational security capabilities including access control, network security, secure configuration and vulnerability management, intrusion detection, security monitoring and incident response.
  • Experience with auditors, both internal and regulatory, to drive positive audit results with strong remediation paths.
  • Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and remediations to executive management.

We would love it if you had:

  • ISO 27001 and NIST CSF knowledge are highly desirable.
  • Governance and Risk Certification a plus (CRISC, CISM, CISA, or CISSP)

What will your typical day look like?

The ideal candidate will have experience designing, building, operating, and maturing effective programs to manage Information Security Risks and their remediations.

Risk Management Program Development:

  • Design and implement a comprehensive risk management framework tailored to the organization's needs.
  • Establish risk assessment methodologies, including threat modeling and vulnerability scoring systems.
  • Develop policies, procedures, and guidelines for risk identification, analysis, and mitigation.
  • Create risk reporting structures and dashboards for effective communication to stakeholders.
  • Continuously evaluate and streamline risk management processes to improve efficiency, reduce complexity, and enhance responsiveness to emerging risks.

Comprehensive Risk Identification, Assessment & Analysis:

  • Lead and conduct comprehensive risk assessments to identify, prioritize, and quantify potential and existing security threats and vulnerabilities across the organization's systems, networks, and applications.
  • Utilize risk analysis methodologies and tools to assess the effectiveness of existing security controls and identify areas for improvement.
  • Provide expert guidance on risk mitigation strategies and control implementation to minimize exposure to security risks.
  • Develop risk management methodologies tailored to the organization’s specific risk profile and business priorities.
  • Collaborate with stakeholders to establish risk tolerance levels and develop risk mitigation plans.

Risk Remediation Planning & Execution:

  • Develop remediation plans based on the findings of risk assessments, prioritizing actions to address critical vulnerabilities and mitigate high-risk threats.
  • Work closely with relevant stakeholders to implement security controls and measures to remediate identified risks effectively.
  • Monitor the progress of remediation efforts and provide regular updates to management on the status of risk mitigation initiatives.
  • Conduct post-remediation reviews and analysis to validate the effectiveness of remediation activities and identify any residual risks.

Risk-Awareness Culture:

  • Drive clear, concise, pragmatic outcomes balancing risk with business objectives.
  • Foster a culture of accountability and responsibility for information security by encouraging active participation in risk identification, reporting, and mitigation efforts.
  • Promote open communication channels for reporting concerns and potential risks, and ensure timely resolution and escalation as needed.
  • Establish channels for risk reporting and feedback from employees across departments.

Continuous Improvement & Adaptation:

  • Establish metrics and KPIs to measure the effectiveness of the risk management program.
  • Regularly review and update the risk management framework to address emerging threats.
  • Stay informed on industry best practices and regulatory changes to enhance the program.
  • Foster partnerships with internal and external stakeholders to evolve risk management capabilities.
  • Be curious about our business and seek to understand.
  • Bring new ideas, methods, and approaches to this role. Leverage your own expertise to challenge the status quo and drive decisions.

Physical Demands:

  • Employee is required to work on a computer for up to 8 hours per day
  • Employee may be in a sitting position for several hours per day
  • Employee must be able to read small text on computer screens/monitors
  • Employee is regularly required to talk and hear

Work Environment: (Usual office job)

  • Hybrid work schedule (both on-site and remote)
  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions, and is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

The salary range for this role is between $77,400.00 and $110,300.00. The actual salary offered to a candidate may be influenced by a variety of factors, such as training, transferable skills, work experience, education, business needs, market demands, and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, is available at mywabtecbenefits.com. Other benefit offerings for this role may include an annual bonus, if eligible.

About The Company

Want to move the world? Want to innovate and bring that innovation to life? At Wabtec, we are in the business of realizing potential – that of the transportation industry, and yours! Drawing on nearly four centuries of collective success across the vibrant portfolios of Wabtec, GE Transportation and Faiveley Transport, we offer employees hands-on opportunities all over the world to shape the future of transportation – as well as their own. Wabtec is focused on performance that drives progress, leveraging our digital expertise, technological innovation, and world-class manufacturing and services to create transportation solutions that move and improve the world. Along with our industry-leading portfolio of products and solutions for the rail and transit industries, Wabtec is a leader in mining, marine, and industrial solutions.

Pittsburgh, Pennsylvania, United States (Hybrid)