We are partnering with a global organisation seeking a Cybersecurity Risk Analyst to join their Global Cyber & Information Security function. This role is focused on third-party/vendor risk assessments, supporting business initiatives by identifying, assessing, and mitigating cybersecurity risks while ensuring alignment with internal policies and industry standards.
Location: Denver, Colorado, USA
Experience Required
- 3+ years’ experience in cybersecurity risk management, IT security controls, or IT audit
- Proven experience conducting third-party/vendor risk assessments within enterprise environments
- Strong understanding of industry frameworks such as NIST, ISO 27001, SOC 1/2, PCI-DSS, and GDPR
- Familiarity with risk assessment methodologies and tools such as SIG, CAIQ, and audit-based approaches
- Experience reviewing and evaluating security controls, policies, and compliance documentation
- Relevant certifications such as CISSP, CISM, CISA, CRISC, or Security+ are preferred
- Ability to communicate complex security concepts clearly to both technical and non-technical stakeholders
- Strong stakeholder management skills with the ability to influence decision-making
Key Responsibilities
- Conduct detailed cybersecurity risk assessments for third-party vendors and business partners
- Review and evaluate security controls to ensure alignment with internal policies and regulatory requirements
- Develop and document risk profiles using questionnaires, frameworks, and internal standards
- Provide clear, actionable recommendations to mitigate identified risks
- Collaborate with IT, security, and business teams to support secure project delivery
- Advise stakeholders on security policies, regulatory obligations, and best practices
- Maintain accurate documentation of assessments within internal risk management platforms
- Report on risk posture, findings, and remediation progress to senior stakeholders
- Support the review and approval of security policy exceptions and provide recommendations
- Contribute to the continuous improvement of security processes, frameworks, and tools
If interested, please apply with your updated CV.
