Senior Information Security Risk Analyst

Position: Senior Information Security Risk Analyst

Location: 100% Remote

Role Summary

We are seeking a Senior Information Security Risk Analyst to support the review, update, and risk assessment of enterprise cybersecurity standards. This role will be central to facilitating cross-functional stakeholder engagement, evaluating technical and operational impact, documenting risk decisions, and guiding standards through the established change management process.

Key Responsibilities

• Facilitate the review of the lifecycle of cybersecurity standards.
• Conduct and document business impact assessments (BIA) for proposed updates to the cybersecurity standards, focusing on operational, compliance, and support implications.
• Partner with SMEs in Cybersecurity, IT, Compliance, and Audit to validate revisions.
• Coordinate and document working sessions, gathering stakeholder feedback and aligning final decisions.
• Draft, edit, and version-control cybersecurity operational and technical standards documentation.
• Maintain clear and audit-ready documentation of change rationale, versioning, and governance approvals.
• Support communication and training coordination planning for standards with operational impact
• Track and report status across multiple concurrent standards updates
• Ensure all work aligns with Cybersecurity Standards Management Platform processes and NIST CSF-aligned control frameworks.

Required Skills & Experience

• 10+ years in information risk management, standards governance, or IT compliance roles
• Strong understanding of IT infrastructure, enterprise operations, and risk impact assessment methodologies
• Experience conducting or supporting business impact assessments (BIA) (technical and business)
• Proficient in project facilitation, stakeholder engagement, and governance coordination
• Excellent technical writing skills for standards, procedures, and governance risk documentation
• Working familiarity with frameworks such as NIST CSF, NIST 800-53, ISO 27001, or CIS Controls
• Experience using tools like SharePoint or GRC platforms
• PMP, CISSP, CRISC, or similar certification is a plus

Ideal Candidate Profile

• Able to translate standards changes into operational and risk-oriented impacts
• Comfortable working independently while coordinating across multi-disciplinary teams
• Strong attention to detail and strong organizational skills and commitment to documentation quality and follow through.
• Thrives in a structured, process and governance-driven environment.