Cybersecurity Senior Risk Analyst (Hybrid Contract Brooklyn, NY) 24 Month Contract

Cybersecurity Senior Risk Analyst (Hybrid Contract NYC)
Location: Hybrid 15 MetroTech Center, Brooklyn, NY (3 days onsite / 2 days remote Tuesdays & Fridays remote)
Employment Type: 24-Month Contract
Work Schedule: Monday Friday | 9:00 AM 5:00 PM | (35 hours per week only)

---

Position Overview
The City of New York is strengthening its cybersecurity posture and seeking experienced Cybersecurity Senior Risk Analysts to support enterprise-wide governance, risk, and compliance (GRC) functions. In this role, you ll help design, implement, and mature cybersecurity risk management practices across City agencies.

You will work directly with the CISO and senior leadership to establish forward-thinking risk frameworks, lead third-party risk assessment processes, and support governance efforts that ensure robust protection across vital city services.

---

Key Responsibilities

• Develop and enhance cyber risk assessment and governance frameworks for citywide implementation.
• Conduct third-party risk evaluations and create a comprehensive vendor monitoring process.
• Manage multiple risk-focused projects and collaborate across functional and organizational boundaries.
• Document, track, and report remediation progress in risk registers.
• Review and evaluate cybersecurity risk cases, exceptions, and justifications submitted by agencies.
• Assist in developing standard operating procedures, methodologies, and testing guidelines for risk management.
• Recommend and initiate corrective actions to address vulnerabilities and identified weaknesses.
• Partner with internal and external stakeholders, fostering awareness and continuous improvement of cyber risk management practices.
• Support special projects, audits, and data-driven risk governance initiatives as assigned.

---

Mandatory Qualifications

• Minimum 4 years of experience in cybersecurity risk management, risk assessment, or third-party/vendor risk governance.
• Strong understanding of risk frameworks, risk registers, and vulnerability assessment processes.
• Excellent communication and analytical skills, with the ability to interact with both technical and executive teams.

---

Preferred Qualifications

• Bachelor s degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.
• One or more of the following certifications (preferred but not required):
  • CISA, CISSP, CRISC, CISM, Security+, CySA+, CCNA, CEH, GISF, GSEC, or SSCP.
• Familiarity with frameworks such as NIST, ISO 27001/27002, CIS Controls, PCI DSS, or SANS.
• Knowledge of cybersecurity laws, regulations, and data privacy requirements.
• Strong investigative, analytical, and documentation skills.
• Experience using cyber risk management tools or GRC platforms.
• Knowledge of operating systems, networks, and data management principles.
• Self-driven, highly organized, and able to work both independently and collaboratively in diverse teams.

---

Additional Information

• Contract Duration: 24 months (January 2026 January 2028)
• Work Type: Hybrid 3 days onsite, 2 days remote
• Hours: 35 per week (normal business hours)
• Background check required prior to engagement.
• Candidates must be authorized to work in the U.S. (no sponsorship available).