Remote Rmf Jobs in Houston, TX (NOW HIRING)

The Cybersecurity Risk Analyst is responsible for identifying, assessing, and managing cybersecurity risks across the organization's IT and OT environments. This role involves conducting comprehensive risk assessments, leading vulnerability management efforts, and ensuring compliance with industry frameworks and regulations. The analyst will work closely with cross-functional teams to design and implement effective risk mitigation strategies, evaluate third-party risks, and support incident response and post-incident evaluations. By leveraging data-driven methods and tracking key performance indicators, the Cybersecurity Risk Analyst plays a critical role in enhancing the organization’s security posture and aligning cybersecurity efforts with business objectives.

Degree:

• Bachelor's Degree

The minimum number of years of job related experience required by this job is: 

• 8 years.

List any specialized training or unique skills required / preferred:

• In-depth understanding of cybersecurity frameworks such as NIST, ISO 27001, and FAIR.
• Strong familiarity with IT and OT environments, including cloud platforms, IoT devices, data centers, and software applications.
• Expertise in vulnerability management processes, penetration testing, and threat modeling.
• Awareness of emerging technologies and their associated risks.
• Advanced analytical and problem-solving skills for assessing and prioritizing risks.
• Effective communication and presentation skills to translate technical risks into business impacts for stakeholders.
• Proficiency in creating detailed documentation, including risk reports, policies, and compliance evidence.
• Preferred CISSP, CRISC or other security certifications.

1. Comprehensive Infrastructure Risk Assessment

• Perform regular risk assessments of IT and OT systems, including networks, cloud platforms, IoT devices, and software, aligned with NIST and CIS Controls.
• Ensure compliance with security regulations (e.g., GDPR, CCPA, PCI DSS) and manage third-party risks.

2. Vulnerability Management

• Lead vulnerability scans, penetration tests, and threat modeling.
• Assess and address vulnerabilities, prioritize patches, and adapt to new threats in collaboration with teams.

3. Risk Reporting & Communication

• Present risk reports to stakeholders, translating technical details into business impacts.
• Use methods like FAIR to prioritize risks and provide updates on risks, incidents, and mitigation efforts.

4. Collaboration on Risk Mitigation

• Partner with governance and IT teams to develop and implement risk mitigation strategies aligned with security and business goals.

5. Incident Response & Risk Evaluation

• Act as a key incident response team member, offering expertise during security incidents.
• Conduct post-incident evaluations, identify root causes, and participate in simulations to enhance response readiness.

6. Cybersecurity Framework & Policy Development

• Contribute to developing and refining cybersecurity policies, standards, and procedures aligned with risk management strategies.
• Provide input on creating technical security standards supporting risk management goals.

7. Regulatory Compliance and Audit Support

• Ensure compliance with regulatory requirements through risk assessments, vulnerability management, and mitigation efforts.
• Support cybersecurity audits by providing documentation, reports, and evidence of remediation activities.

8. KPI Tracking & Reporting

• Monitor KPIs to evaluate the effectiveness of risk and vulnerability management programs.
• Leverage metrics, automated tools, and dashboards to report on security posture and provide real-time insights.

9. Emerging Technology Risk Management

• Evaluate risks tied to adopting emerging technologies (e.g., AI, blockchain) and integrate them securely.
• Develop strategies to address risks linked to digital transformation initiatives.