Cyber Risk Analyst

Job Location:

San Diego, CA - USA

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

Please note that this position can be based in San Diego, CA. Acadia's hybrid model requires this role to work in our office three days per week on average.

Position Summary

The Cyber Risk Analyst will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and cyber risk management program. The Cyber Risk Analyst will be an active member of any risk management committees. This position will have ownership of the cyber Third Party Risk Management (TPRM) program.

Primary Responsibilities

  • Conduct risk assessments and audits of IT systems, applications, and third-party vendors.

  • Perform contract reviews with a focus on cybersecurity terms and third-party risk implications.

  • Develop and maintain risk registers, mitigation plans, and incident response strategies.

  • Perform and maintain Business Impact Analysis (BIA) of key systems and vendors.

  • Maintain the Business Continuity and Disaster Recovery Plan (BCDRP).

  • Collaborate with stakeholders across Legal/Compliance/Privacy, Procurement, IT, and various business units to implement security controls and improve overall risk posture.

  • Maintain and enhance Governance, Risk, and Compliance (GRC) tools such as OneTrust.

  • Align cyber risk activities with relevant regulatory requirements (CCPA, U.S. SEC, GDPR, NIS 2 Directive, etc.).

  • Support SOX and ITGC compliance efforts, including audit preparation, evidence collection, and control testing.

  • Contribute to the development and maintenance of security policies, procedures, and training programs.

  • Prepare risk reports for senior leadership and non-technical stakeholders, translating technical findings into business-relevant insights.

  • Ensure that all actions, both internally and externally when working on Acadia's behalf, are in compliance with all laws, regulations, and policies, and demonstrate Acadia values.

  • Other responsibilities as assigned.

Education/Experience/Skills

Bachelor's degree in Cybersecurity, Information Systems, Risk Management, or a related field. Targeting 3 years of progressively responsible experience in cyber risk, information security, or IT audit. Advanced certifications (CISM/CRISC/CISA/FAIR/CISSP) strongly preferred. An equivalent combination of relevant education and experience may be considered.

Key Skills:

  • Proven ability to conduct risk assessments and audits of IT systems, applications, and third-party vendors.

  • Strong understanding of regulatory frameworks and standards, including NIST, ISO 27001, SOX, GDPR, NIS 2 Directive, and FAIR.

  • Skilled in developing and maintaining risk registers, mitigation plans, and incident response strategies.

  • Proficient in GRC platforms such as OneTrust, with experience in tool configuration and workflow optimization.

  • Strong analytical, organizational, and communication skills.

  • Skills to translate technical risk findings into actionable insights for senior leadership and non-technical stakeholders.

  • Ability to manage multiple priorities and work cross-functionally in a fast-paced environment.

  • Ability to travel on occasion.

  • Must be able and willing to travel on occasion.

Physical Requirements

This role involves regular standing, walking, sitting, and the use of hands for handling or operating equipment. The employee may also need to reach, climb, balance, stoop, kneel, crouch, and maintain visual, verbal, and auditory communication in a standard office environment and while working independently from remote locations. The employee must occasionally lift and/or move up to 20 pounds. This position requires the ability to travel independently overnight and/or work after hours as required by travel schedules or business needs.


Required Experience:

IC

Key Skills

  • ISO 27001
  • Microsoft Access
  • Risk Management
  • Financial Services
  • PCI
  • Risk Analysis
  • Analysis Skills
  • COBIT
  • NIST Standards
  • SOX
  • Information Security
  • Data Analysis Skills

About Company

For 30 years, Acadia has been working at the forefront of healthcare to protect what makes you, uniquely you. This is our purpose.