Risk Analyst

GuidePoint Security offers a comprehensive set of Risk services, including qualitative and quantitative cybersecurity risk assessments, development of cybersecurity risk management programs, third-party risk management program advisory and managed services, staff augmentation, business resilience services, GRC tool services, threat modeling, and other advisory services. GuidePoint Security's Risk team's offerings are consistently evolving with the security industry and the risks that modern environments face. You will contribute your knowledge, experience, and creativity to face these challenges head-on and equip the practice for success.

As a Risk Analyst, you will use your experience to deliver world-class consulting services that provide outstanding value to clients and help them achieve their goals. Your experience will be vital to ensuring the expanded growth and success of the practice into the future.

Roles and Responsibilities:

• Serve as a dedicated cybersecurity risk management consultant supporting the client's information security, governance, risk, and compliance (GRC) program.
• Complete client onboarding requirements, including device provisioning, account setup, and any required training.
• Review and gain familiarity with the client's risk management stakeholders, processes, policies, historical assessments, and program objectives.
• Strong ability to work independently and multi-task on assigned projects.
• Support ongoing risk management activities, including:




• Maintaining and updating information security, GRC, and key risk indicator (KRI) metrics.
• Supporting the information security issue management process in AuditBoard.
• Documenting and inputting risks into the client's risk register.
• Performing risk mapping to align identified risks with applicable frameworks and controls.
• Maintaining and revising risk-related policies, standards, and procedures.
• Supporting risk reporting and presentation deck updates for executive and committee reviews.
• Participating in assigned risk committees and working groups.
• Documenting processes for cybersecurity risk management to ensure repeatability and transparency.




• Deliver clean, consistent, and actionable risk reporting, leveraging PowerPoint or similar visualization tools.
• Maintain regular communication with client stakeholders, providing advisory guidance on maturing the overall risk management capability.
• Collaborate with other GuidePoint practices to ensure alignment and comprehensive client support.
• Stay current on relevant cybersecurity and risk management standards and industry best practices, incorporating them into service delivery.
• Demonstrate professionalism, adaptability, and strong self-management skills while working independently within the client environment.

Required Experience:

• 1-3 years education and/or experience in cybersecurity with at least 1 year focused on risk management and/or GRC.
• Working knowledge of risk management frameworks such as ISO 31000, ISO/IEC 27005, NIST 800-30, and FAIR.
• Familiarity with security frameworks including: NIST CSF, NIST 800-30, ISO 31000, COSO and others.
• Experience using GRC tools.
• Excellent written and verbal communication skills; able to translate complex information for both technical and executive audiences.
• Self-driven; able to manage schedules, meet deadlines, coordinate with others, perform tasks, and work independently with minimal supervision.
• Excellent project management skills, with the ability to work with multiple deadlines and priorities.
• Demonstrated ability to work independently in a client-facing consulting environment.

Preferred Experience:

• Experience with AuditBoard and comparable GRC platforms.
• Demonstrated understanding of information security policies, standards, plans, procedures, and other documentation to support customer adopted frameworks and industry standards.
• Industry certifications are preferred, such as Security+, CISA, CC(ISC2) etc.
• Coachable, adaptable, and comfortable integrating into client-specific processes and teams.

Travel Requirements:

• Any travel/on-site requirements as needed.