Cybersecurity Risk Analyst - Pipeline

Cybersecurity Risk Analyst Key Responsibilities

Conduct comprehensive cybersecurity risk assessments across state agencies, identifying threats to systems, applications, networks, and workflows.

Document vulnerabilities, assess their potential impact, likelihood of exploitation, and affected areas, and prepare detailed risk assessment reports for stakeholders.

Evaluate security measures against regulatory standards (e.g., HIPAA, IRS Pub1075, PCI, CJIS) and recommend improvements to ensure compliance.

Collaborate with cross-functional teams to develop and implement risk mitigation plans, reducing risks to acceptable levels.

Provide consultative guidance on risk response strategies, policies, and processes to address security gaps.

Manage relationships with business partners, leading discussions on information security risks and mitigation approaches.

Contribute to the development of training materials and operational practices to promote compliance and risk awareness.

Stay current with advancements in information security, risk assessment methodologies, and regulatory frameworks to enhance risk management initiatives.

Prioritize and manage risk assessment projects, ensuring timely delivery and alignment with organizational objectives.

Support the development and deployment of procedures and activities for the Risk Management Program. Required Skills and Qualifications Risk Assessment and Analysis (50%)

Demonstrated experience in cybersecurity risk management, with expertise in conducting risk assessments for IT systems and environments.

Strong understanding of information security principles, concepts, and best practices, including vulnerability analysis and impact assessment.

Proficiency in security frameworks and standards (e.g., NIST Cybersecurity Framework, CIS Controls).

Ability to create comprehensive risk assessment reports and present findings clearly to technical and non-technical stakeholders.

Effective project management skills to prioritize tasks, manage deadlines, and deliver actionable insights. Compliance and Stakeholder Engagement (50%)

Knowledge of industry compliance standards (e.g., HIPAA, IRS Pub1075, CMS, PCI, CJIS, Social Security Administration) and their application to security practices.

Strong written and oral communication skills to collaborate with stakeholders and develop compliance-driven plans, policies, and procedures.

Ability to make sound decisions, exercise discretion, and display judgment in managing sensitive security matters.

Experience building relationships with business partners and leading discussions on risk mitigation strategies.

Capability to develop and deploy training materials to enhance risk awareness and compliance. Additional Considerations

Experience in state or government cybersecurity, particularly in managing risks for public sector agencies, is highly valued.

Relevant certifications such as CRISC, CISM, CISSP, or NIST Cybersecurity Framework training are a plus.

Familiarity with cloud security practices or tools (e.g., AWS, Azure) is advantageous.

Experience with Agile methodologies or risk management software is a plus.

Candidates must be local to Boston to facilitate collaboration and occasional on-site work. Why Join Us?

This role offers an opportunity to safeguard critical state operations by leading impactful cybersecurity risk management initiatives. You ll work with a collaborative team, leverage cutting-edge security frameworks, and contribute to a forward-thinking Risk Management Program dedicated to protecting government information assets and ensuring regulatory compliance.

What is a Pipeline Job?

These roles represent future opportunities we've uncovered through our client discussions. We have stripped away the rigid Must Haves, Mandatories, and Required criteria to find the right fit for their needs. By applying for these future roles, we will complete our human-centered process to see if you are a fit while adding your profile to our database to be considered for additional openings. When you apply, rest assured a human will thoroughly review your resume and respond to you personally. We take pride in finding the right match for each job, valuing your unique talents and potential over just what's on your resume.