Full Time Cyber Security Risk Analyst Jobs in Washington

ECLARO is a leading technology solutions provider seeking a Cybersecurity Risk Analyst for their client in Manassas, VA. The role involves managing Third-Party Risk Management (TPRM) operations and ...

Partner with technology, cybersecurity, compliance, and risk teams to strengthen control ... Strong analytical, organizational, and documentation skills. * Experience reviewing documentation ...

We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote ... You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans ...

Full Time Cyber Security Risk Analyst information

What is the difference between Full Time Cyber Security Risk Analyst vs Cyber Security Analyst?

| Aspect | Full Time Cyber Security Risk Analyst | Cyber Security Analyst |
| --- | --- | --- |
| Certifications | CompTIA Security+, CISSP, CISA | CompTIA Security+, CEH, CISSP (preferred) |
| Work Environment | Risk assessment teams, security compliance, policy development | Security monitoring, incident response, vulnerability assessment |
| Employer & Industry Usage | Financial, healthcare, government sectors focusing on risk management | IT firms, tech companies, cybersecurity service providers |

Full Time Cyber Security Risk Analysts focus on identifying, assessing, and mitigating security risks within organizations, often working on compliance and policy. Cyber Security Analysts primarily monitor security systems, respond to incidents, and perform vulnerability assessments. While both roles require similar certifications and work in cybersecurity, their core responsibilities differ: risk analysis versus security monitoring.

What are the most commonly searched types of Cyber Security Risk Analyst jobs in Washington? The most popular types of Cyber Security Risk Analyst jobs in Washington are:
What cities in Washington are hiring for Full Time Cyber Security Risk Analyst jobs? Cities in Washington with the most Full Time Cyber Security Risk Analyst job openings:

Cybersecurity Risk Analyst

ECLARO

Manassas, VA • On-site

Full-time

Posted 4 days ago


Job description

Job Summary:
ECLARO is a leading technology solutions provider seeking a Cybersecurity Risk Analyst for their client in Manassas, VA. The role involves managing Third-Party Risk Management (TPRM) operations and supporting the broader Cyber Governance & Risk initiatives, requiring strong analytical skills and the ability to translate technical risk data into business intelligence.
Responsibilities:
• Other related duties may be assigned.
• Third-Party Risk Management (TPRM) Operations:
• Evaluate new and prospective vendors through structured cybersecurity risk assessments to determine cyber clearance eligibility before contract execution or system access.
• Serve as the primary SME and platform administrator for TPRM solution (SAFe), maintaining data integrity, configuring risk workflows, and driving continuous platform optimization.
• Maintain and continuously update the enterprise vendor inventory, tracking risk tier classification, assessment status, contract dates, and lifecycle position for all third parties.
• Execute structured vendor onboarding workflows, including security due diligence, contractual security requirements review, and formal risk acceptance documentation.
• Monitor and triage automated vendor security alerts generated through SAFe; analyze alert severity and communicate actionable risk intelligence to appropriate business and security stakeholders on time.
• Manage vendor offboarding procedures, ensuring complete termination of data and system access, contractual closure, and record retention compliance.
• Conduct periodic reassessments and ongoing monitoring of in-scope vendors according to risk tiering methodology and assessment calendar.
• Develop and maintain Power BI dashboards and reports presenting vendor risk metrics, assessment completion rates, open risks, and trend analysis for leadership and risk committees.
• Cyber Governance, Risk & Insider Threat:
• Support Insider Threat program by monitoring behavioral risk indicators, documenting escalation procedures, and maintaining governance records.
• Assist in the preparation of cybersecurity governance artifacts, including risk registers, policy documents, control metrics, and compliance reports aligned to NIST CSF and applicable regulatory frameworks.
• Generate periodic cyber risk reports for IT leadership, audit, and regulatory audiences, summarizing risk posture, open findings, control gaps, and remediation status.
• Build and maintain Power BI dashboards to visualize governance and risk metrics, control effectiveness trends, and risk KPIs across the organization.
• Participate in risk assessment activities and support internal control evaluations relevant to IT environments.
• Cybersecurity Awareness Training & Metrics Reporting:
• Design and develop custom cybersecurity awareness training content tailored to the specific business operations and risk profiles of individual departments (e.g., Operations, Finance, Customer Engagement, Engineering).
• Assist in collaborating with department leads to schedule, deploy, and track training completion across the organization.
• Assist in administering phishing simulation campaigns; analyze results and produce actionable reports identifying at-risk user populations and trending behaviors.
• Build and maintain Power BI dashboards tracking cybersecurity awareness KPIs, including training completion rates, phishing click-through rates, repeat offender trends, and department-level performance over time.
• Assist in preparing and presenting monthly and quarterly Cyber Awareness Reports for leadership, translating program metrics into clear risk narratives and recommended actions.
• Stay current with evolving social engineering tactics, threat actor techniques, and regulatory guidance (e.g., CISA advisories) to keep training content timely and impactful.
• Evaluate training platform effectiveness and recommend enhancements or alternative tools to improve learner engagement and retention.
• Disaster Recovery (DR) Coordination & Reporting:
• Coordinate and facilitate Disaster Recovery testing exercises for core business applications in collaboration with technical SMEs across IT Operations.
• Develop DR test plans, scoping documents, timelines, and stakeholder communication plans in coordination with system owners and application custodians.
• Document test execution results, capture gaps or failures, and produce comprehensive post-exercise reports for IT leadership and executive stakeholders.
• Track remediation of identified DR gaps to closure; maintain updated DR runbooks, test records, and lessons-learned logs.
• Assist in the broader Business Continuity Planning (BCP) process as it pertains to cybersecurity resilience and recovery readiness.
• SharePoint Intranet & Stakeholder Dashboard Publishing:
• Design, build, and maintain dedicated SharePoint sites and pages serving as the centralized hub for cybersecurity communications, dashboards, and reporting artifacts.
• Embed and publish Power BI reports directly into SharePoint pages, ensuring stakeholders can access live, role-appropriate dashboards without requiring Power BI licensing or direct platform access.
• Develop audience-specific SharePoint pages tailored to the information needs of distinct stakeholder groups, including IT leadership, department managers, executive sponsors, audit / compliance teams, and general staff, applying role-based access controls and page permissions accordingly.
• Maintain separate SharePoint views for TPRM metrics, cyber awareness training completion and phishing stats, governance and risk posture indicators, and DR testing results, ensuring content remains current and accurate.
• Collaborate with department heads and business unit leads to understand their reporting consumption preferences and translate those needs into intuitive, self-service SharePoint dashboard pages.
• Establish and enforce a publishing cadence (monthly, quarterly) for dashboard refreshes and narrative updates aligned to governance reporting calendar.
• Apply SharePoint governance best practices, including naming conventions, version control, content lifecycle management, and access review procedures.
• Coordinate with IT infrastructure and Microsoft 365 administrators as needed for site provisioning, permissions architecture, and integration with Power BI Service workspaces.
• Internal:
• Communicate within the assigned department and with other departments to ensure understanding and achievement of department and organization goals and standards; provide the highest level of service to internal customers; exchange information and ideas for improvements in the department and organization; coordinate customer service activities, plans, and requirements; and improve the knowledge base of company policies, procedures, and programs.
• Participate in staff meetings to develop and implement present and plans; monitor and revise strategies and programs; confer on mutual issues; exchange information; and share in the determination and formulation of policies and procedures.
• External:
• Provide the highest level of quality customer service to external customers through various forms of communication as well as proactive and professional relationships with customers, the business community, and the general public.
Qualifications:
Required:
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a closely related field.
• Equivalent combination of education and demonstrated professional experience will be considered.
• Minimum 3-5 years of progressive experience in cybersecurity, IT risk management, or a related GRC discipline.
• Demonstrated experience operating or administering a formal TPRM program or third-party risk platform.
• Proven ability to build Power BI reports and dashboards that translate security data into executive-ready metrics.
• Experience developing and delivering cybersecurity awareness training and reporting program metrics.
• Familiarity with Disaster Recovery planning, tabletop exercises, or DR test coordination.
• Power BI Report & Dashboard Development
• Vendor Risk Assessment & Lifecycle Management
• TPRM Platform Administration (SAFe or Equivalent)
• GRC Documentation & Control Mapping
• Security Questionnaire Evaluation (SIG, Custom)
• Phishing Simulation Analysis & Reporting
• Cyber Awareness Metrics Tracking & Presentation
• DR Test Planning, Facilitation & Post-Exercise Reporting
• Insider Threat Monitoring Support
• Advanced Microsoft Excel (Pivot Tables, Data Models)
• Executive-Ready PowerPoint Presentations
• SharePoint Site Management
• Clear written & verbal communication at all org levels.
• Executive-Level Risk Storytelling & Data Narration
• Cross-Functional Stakeholder Engagement
• Analytical Thinking & Risk Prioritization
• Project Coordination & Deadline Management
• Detail Orientation & Documentation Discipline
• Ability to manage multiple concurrent workstreams.
• Vendor Relationship Professionalism
• Collaborative team player with independent initiative.
• Adaptability in a fast-paced utility environment.
• Continuous learning mindset in evolving threat landscape.
• SharePoint site design and intranet page development.
Preferred:
• Experience in a regulated industry (electric utility, energy, financial services, or healthcare).
• Hands-on experience with the SAFe TPRM platform or comparable solutions (OneTrust, ProcessUnity, Prevalent, BitSight, SecurityScorecard).
• Working knowledge of NIST CSF (v2.0), NIST SP 800-161 (C-SCRM), or ISO / IEC 27036 supply chain risk standards.
• Familiarity with Insider Threat frameworks and behavioral analytics monitoring.
• Experience with Business Continuity Management frameworks (ISO 22301).
• Background in Learning Management System (LMS) administration and instructional design principles for security awareness content.
• Advanced Power BI skills: DAX measures, row-level security, scheduled refresh, paginated reports.
• One or more of the following certifications: PL-300: Microsoft Power BI Data Analyst, CTPRP: Certified Third Party Risk Professional, Security+: CompTIA Security+
Company:
ECLARO is an award-winning Talent Solutions firm headquartered in New York City and operating in the U.S., Canada and the Philippines. Founded in 1999, the company is headquartered in New York, NY, US, with a team of 1001-5000 employees. The company is currently Late Stage.