Sr Cyber Risk Analyst

September 14, 2024
Job Description

Description:

Intro

The Sr Cybersecurity risk analyst team within the Cyber Risk & Audit Governance team will support AA's overall goals through supporting the day-to-day operations of the cybersecurity risk management program, using prior experience and expertise to align cybersecurity risk management initiatives with overall business objectives. The AA Cybersecurity Program currently has a sub-product team titled Cyber Risk Analysis dedicated to identifying, analyzing, and prioritizing IT Cyber Risk to American IT Systems.

What You’ll Do

Key Responsibilities:
o Conduct risk assessments to identify and evaluate potential cybersecurity risks.
o Analyze and interpret risk assessment findings and provide actionable recommendations to mitigate identified risks.
o Develop and implement risk management strategies to minimize cybersecurity threats.
o Collaborate with issues and exceptions stakeholders to raise risks and remediate issues.
o Review policies and procedures that demonstrate compliance with regulatory requirements, working to address gaps and inconsistencies as needed.
o Collaborate with stakeholders to ensure compliance with relevant regulations and industry standards.
o Stay updated on emerging cybersecurity threats and trends to proactively identify potential risks.
o Provide guidance and support to teams across the organization to improve cybersecurity posture.
o Participate in incident response activities and assist in the investigation of security incidents.
o Contribute to the development and maintenance of cybersecurity policies, procedures, and guidelines.
o Conduct periodic reviews of existing security controls and recommend enhancements as necessary.
o Support cyber risk analyst team members in day-to-day activities and provide training as needed.

Decision making (what decisions will this position be making):
o Assess and prioritize cybersecurity risks.
o Identify potential risk mitigation strategies and controls to address identified risks.
o Identify areas for improvement in cybersecurity practices.
o Collaborate with stakeholders to determine appropriate risk management approaches.

Impact (how and who will these decisions impact):
The Sr. Cyber Risk Analyst role will bring expertise in identifying and mitigating cyber risks, resulting in enhanced cybersecurity measures such as improved risk management frameworks and increased organizational resilience to cyber threats. The role will support development of strategies to strengthen security measures and ensure compliance with relevant laws and regulations.

Communication (who will this position communicate with and in what capacity):

Manager, Risk Management
o Report to Risk Management Manager and provide progress updates on day-to-day cyber risk management operations and activities.
o Attend regular meetings and reporting to facilitate the exchange of information, alignment of goals, and coordination of efforts between both roles.

Cybersecurity Product Teams
o Engage with cybersecurity product teams to support identification, validation, and remediation of gaps and findings from cybersecurity risk assessments.
o Conduct regular meetings and feedback to facilitate effective communication and collaboration between analyst role and cybersecurity product teams.

Minimum Qualifications - Education & Prior Job Experience

Education (Degree and level of attainment):
a. Bachelor’s degree in computer science, information systems, or a related field.

Experience (Industry/function and years of experience):
a. Experience (5 years) in cyber risk management, information security, or a related field, with a focus on developing and implementing risk management strategies.
b. Experience in conducting cybersecurity risk assessments.
c. Strong understanding of cybersecurity risk assessment methodologies and risk mitigation strategies.
d. Understanding of relevant cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and regulations (e.g., TSA Cyber Amendment, HIPAA, GDPR).
e. Knowledge of NIST 800-30 risk guidance principles.
f. Experience operationalizing Cybersecurity risk assessment roadmap.

Preferred Qualifications:
a. Familiarity with industry-specific regulations (e.g., TSA, FAA, PCI DSS) and their cybersecurity requirements.
b. Experience working in highly-regulated industries such as finance, healthcare, or government.

Knowledge, skills, and abilities:
a. Strong ability to collaborate and work effectively with cross-functional teams.
b. Strong analytical and problem-solving skills.
c. Demonstrated capability to identify and assess risks associated with technology systems and processes.
d. Strong knowledge of cybersecurity technologies, tools, and best practices.
e. Understanding of cybersecurity risk assessment methodologies, frameworks, and tools.
f. Ability to stay updated with the latest cybersecurity trends, threats, and regulatory changes.

Certifications:
a. Any or at least one of the following: CRISC, CISA, CISM, CISSP; desirable but not a deal breaker.

Additional Details
Glider Assessment Required?: No
Glider Assessment Name (If Applicable): N/A
Does Contractor Need Their Own Laptop?: No
Laptop Specs: NA; manager will provide