IT Cyber Security Risk and Compliance Analyst - Military veterans preferred

2025-05-10
ITT Industries Holdings, Inc
Other



Any City
New York
99999
United States


IT Cyber Security Risk and Compliance Analyst

US-NY-Any City

Job ID: 2025-14205
Type: Employee
# of Openings: 1
Category: Information Technology
US-NY - Work from Home

Overview

Under the direction of the Manager Cyber Risk and Compliance, this individual plays a crucial role in bridging the gap between cybersecurity, IT, and business operations. This person is expected to be both technically experienced and business-aligned as s/he works with both IT and business stakeholders to assess the risk and compliance of existing solutions and new initiatives.

We are seeking an experienced Cybersecurity Risk and Compliance Analyst to join our team. The successful candidate will be responsible for a multitude of service lines within cybersecurity, including performing risk assessments, managing the awareness program, administering vulnerability management processes, representing the cybersecurity team in the execution of projects and initiatives, and maintaining cybersecurity dashboards / KPIs.

This role is responsible for ensuring that governance, risk and compliance projects are effectively and efficiently executed, as well as identifying areas for improvement across the cybersecurity GRC lines of service.

This individual will be highly driven (“high motor”), able to balance active priorities, meticulous, and planful. They will be comfortable addressing ambiguity, able to consistently deliver results, naturally curious and highly accountable, and will approach situations in a thoughtful and process-oriented manner. This person will work closely with individuals at all levels of the information technology organization and business partners (executives, peers, staff members, individual contributors, cross-functional team members) to identify risk and compliance gaps, provide guidance on remediation, and provide consultation on adherence to ITT security policy for all aspects of the global organization.

Responsibilities

  • Maintain the cybersecurity awareness training program, including web-based training modules and phishing simulations.
  • Provide insights into emerging regulations and industry trends relevant to our sector and contracts.
  • Work with business stakeholders to validate and maintain compliance with industry frameworks and regulatory requirements, such as CMMC, TISAX, etc.
  • Develop metrics and dashboards to measure program effectiveness and report findings to leadership.
  • Compile and present KPIs and KRIs related to cybersecurity and IT security functions.
  • Collaborate with various IT teams to develop mitigation or remediation plans.
  • Act in the role of Business Analyst to:
    • Collaborate with cross-functional teams to understand business processes, security needs, and compliance requirements.
    • Translate business needs into actionable security requirements.
    • Document existing processes and workflows, identifying security gaps and areas for improvement.
    • Provide business impact analysis for remediation projects.
    • Liaise with various teams (IT, Operations, and Compliance) to align vulnerability management activities with business objectives.
    • Communicate security risks, recommendations, and progress in non-technical language to business stakeholders.
  • Conduct risk assessments for solutions proposed by the business.
  • Perform risk assessments on vendors and other third parties with whom ITT wishes to conduct business.
  • Complete security questionnaires that are requested by ITT’s customers.
  • Maintain suites of information (e.g., SharePoint) to facilitate access by end-users.
  • Maintain GRC toolsets, including awareness and phishing simulation tools, risk registers, third-party risk management/questionnaire tools, etc.
  • Support cyber security governance in the formulation of cyber-related policies, standards and procedures.
  • Meet tight deadlines in a fast-paced environment.
  • Document processes and activities for repeatable results.
  • Other tasks and/or projects as assigned.


Qualifications



Education: Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related field; professional certifications such as CISSP, CISM, CRISC, or CGRC are a plus.

Experience: Minimum of 3 to 5 years of experience in cybersecurity, or another discipline with transferable skills. The ideal candidate will have a broad set of experiences (IT operations, systems administration, cybersecurity, audit) spanning subject matter areas such as risk identification and management, compliance frameworks and assessments, and cybersecurity administration.

Skills/Knowledge:

  • Familiarity with frameworks like NIST 800-171, CMMC, ISO 27001, and NIS2 compliance is highly preferred.
  • Demonstrated experience in business analysis, including requirements gathering and process documentation.
  • Ability to assess risk and compliance gaps in a complex, multi-technology, global environment with a business mindset – balancing cyber risk with effective business processes.
  • Understand risk sources, potential impacts, and likelihood.
  • Ability to advise on risk response and mitigations to risk.
  • Possess the ability to identify insecure ports/protocols.
  • Strong knowledge of vulnerability management processes and patch management lifecycle.
  • Analytical mindset and problem-solving skills to prioritize and manage risks effectively.
  • Collaborative team player with the ability to build strong relationships across departments.
  • Demonstrated ability to write clear and concise technical documentation and policies.
  • Ability to multi-task and change priorities with short notice.
  • High standard of professionalism and ethics.
  • Possess the ability to use Excel pivot charts, PowerBI, and similar technologies to aggregate and display metrics.
  • Exceptional communication skills, with the ability to translate complex technical concepts into business language.
  • Knowledge of and experience with OT environments and ICS systems preferred.

Competencies/Traits:

  • Highly self-motivated and self-directed.
  • Comfortable with a hands-on approach to addressing complex problems to gain a grounded and granular understanding, make informed decisions and take appropriate actions.
  • Ability to handle ambiguous situations: dissect and plan the work in a way that simplifies it for themselves and others, with a focus on delivering results.
  • Passion for data and innovation.
  • Proven ability to manage multiple projects to completion while maintaining quality standards and project deadlines.
  • Understands when new or alternate solutions are necessary and begins discussions with IT management and business/functional partners to identify needed improvements to the solution/service framework.
  • Leverages experience collaborating across cultures and organizations.
  • High focus on interpersonal and cultural understanding across disparate teams and work settings by initiating conversations with others.
  • Shares information proactively, directs workflows to leverage the expertise of individuals, and promotes a team approach to achieve common goals.
  • Leverages existing solutions, knowledge base, and best practices, and works within the approved policy/governance framework.
  • Gains trust by listening effectively, being open and transparent, and demonstrating results that the customer, business, or function values.
  • Demonstrates a sense of pride in the quality of his/her own work, and a willingness to take initiative to meet the challenges of the customer, business, or function.
  • Promotes accomplishments while holding others accountable for results.
  • Excellent written and oral communication skills.
  • Effective interpersonal skills, with a focus on listening and questioning skills.
  • Strong documentation skills.
  • Ability to conduct research into a wide range of computing issues as required.
  • Ability to absorb and retain information quickly.
  • Ability to present ideas in user-friendly language to non-technical staff and end users.
  • Keen attention to detail.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Experience working in a team-oriented, collaborative environment.
  • Self-directed self-starter with strong analytical and problem-solving skills.
  • Ability to work well under stress.

Work Conditions:

  • Carry a smartphone 24x7 for the purpose of escalation.
  • On-call availability as an escalation point or in critical situations.
  • Due to time zone differences and the need for appropriate meeting times, flexible work hours may be required.
  • Sitting for extended periods of time.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, and to handle other computer components.
  • Lifting and transporting of moderately heavy objects, such as computers and peripherals.
  • Additional working hours as required.
  • Travel of less than 10% may be required for special projects.

 


 





Equal employment opportunity, including veterans and individuals with disabilities.
