Senior Cybersecurity Risk Analyst

Veteran-Owned Firm Seeking a Senior Cybersecurity Risk Analyst for a Hybrid Assignment in New York, NYMy name is Stephen Hrutka. I lead a Veteran-Owned management consulting firm in Washington, DC. We specialize in Technical and Cleared Recruiting for the Department of Defense (DoD), the Intelligence Community (IC), and other advanced defense agencies.At HRUCKUS, we support fellow Veteran-Owned businesses by helping them recruit for positions across organizations such as the VA, SBA, HHS, DARPA, and other leading-edge R&D-focused defense agencies. We seek to fill a Senior Cybersecurity Risk Analyst role in New York, NY.The ideal candidate is a NY resident with at least 4 years of experience in risk management, cybersecurity risk assessment, or third-party cybersecurity evaluation. A BS/BA in a related field or industry certifications such as CISA, CISSP, or CRISC are a plus. If you’re interested, I'll gladly provide more details about the role and discuss your qualifications further. Thanks, Stephen M Hrutka Principal Consultant HRUCKUS LLC Executive Summary: HRUCKUS is looking for an experienced Cybersecurity Senior Risk Analyst 1 to implement tools and practices that enhance processes related to third-party risk management, risk assessment, and general cyber risk governance for New York City agencies.Position Description: The Senior Risk Analyst is a critical role dedicated to managing governance, risk, and compliance (GRC) functions to strengthen the cybersecurity posture of New York City agencies. Reporting to the CISO and senior executives, the analyst will lead the development of a Citywide Cybersecurity risk program, focusing on transitioning to user-centric risk assessments and building a comprehensive third-party vendor register. This role is vital for mitigating significant operational and legal risks, as 30% of security breaches are now linked to third-party involvement, and a lack of mature risk governance could leave the City unable to prove due diligence during audits or lawsuits. By collaborating with diverse stakeholders and subject matter experts, the analyst ensures that risks are actively managed throughout the entire vendor lifecycle, preventing inaccuracies in data and the mismanagement of critical information. Position Job Duties:Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise;Work with stakeholders across various divisions, soliciting input and working through feedback;Evaluate risk of third parties used by New York City agencies;Document and track remediation of risks in the Risk Register;Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies;Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines;Initiating corrective actions to remediate vulnerabilities or weaknesses where necessary; Engage in communications with NYC Agencies;Handle special projects and initiatives as assigned.Position Qualifications:Minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.Ability to work effectively in a team environment.Being highly organized, motivated and a self-directed professional.Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.Understanding of commonly used computer operating systems, databases, network structures.Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)Investigative and analytical skills.Excellent oral and written communication skills;Knowledge of the current and evolving cyber threat landscape;Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacyDesirable Education/Certifications:BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.One or more of the following certifications are a plus:Certified Information Systems Auditor (CISA)Certified Information Systems Security Professional (CISSP)Certified in Risk and Information Systems Control (CRISC)Certified Information Security Manager (CISM)CompTIA Security+ CompTIA Network+CompTIA A+CompTIA CySA+Cisco Certified Network Associate - CCNACEH: Certified Ethical HackerGIAC Information Security Fundamentals (GISF)GIAC Security Essentials (GSEC)(ISC)2 Systems Security Certified Practitioner (SSCP)Details:Job Title: Senior Cybersecurity Risk AnalystLocation: 15 MetroTech Center, 16th Floor, Brooklyn, NY 11201Assignment Type: 24-month contractWork Arrangement: Hybrid (3 days in the office, Tuesdays and Fridays are remote)Pay Range: $65 to $75 per hour