Posted Jul 13, 2026

Principal IT Risk Management Analyst

Apply for this Position →
Job Description: • Lead and evolve the IT security risk management program in alignment with organizational goals, risk appetite, and risk tolerance • Partner with executive leadership to shape risk strategy and drive enterprise-wide adoption • Serve as a key advisor on risk posture, translating technical findings into strategic business decisions • Identify, assess, and quantify technology risks by evaluating cybersecurity threats, operational vulnerabilities, and emerging technology risks using qualitative and quantitative methodologies • Conduct risk assessments using established frameworks, including NIST CSF and CIS Controls v8 • Translate technical findings into clear, actionable business risk and support risk-based decision making • Manage and maintain the enterprise IT risk register, including risk ownership, scoring, and lifecycle tracking • Design and implement IT security risk mitigation strategies and controls aligned with industry standards • Lead the risk exception management process, including evaluation, documentation, and risk acceptance decisions • Provide risk-informed guidance for complex technology initiatives, including emerging areas such as artificial intelligence and machine learning • Integrate IT security risk management practices into business and technology processes • Define and evolve risk metrics, key risk indicators (KRIs), and risk appetite thresholds • Develop dashboards and reporting that translate risk data into actionable insights for executive and board-level audiences • Communicate complex risk concepts clearly to both technical and non-technical stakeholders • Drive adoption of IT security risk platforms and workflow automation to improve efficiency and scalability • Identify and implement automation opportunities across risk management workflows • Continuously enhance risk methodologies, tools, and processes • Stay current on the evolving threat landscape, emerging technologies, and industry practices • Mentor and guide junior team members in direct or matrixed reporting relationships Requirements: • 5+ years of IT risk management experience, with a focus on risk assessment, quantification, and risk register ownership (not primarily compliance or audit) • 3+ years mentoring or leading team members • Demonstrated experience mentoring analysts while owning and delivering discrete risk workstreams or program components • Experience conducting risk assessments aligned to NIST CSF, CIS Controls v8, or similar frameworks • Experience managing an IT risk register, risk exception processes, and residual risk documentation • Experience developing risk metrics, dashboards, and executive reporting • Experience with GRC platforms and workflow automation in a risk context • Experience managing risks related to emerging technologies, including artificial intelligence • Bachelor's degree in a relevant discipline required; Master’s degree preferred • Preferred certifications: CRISC (ISACA), CISSP (ISC²), CISM (ISACA), CompTIA Security+, CompTIA CySA +, CompTIA CASP+, CGEIT (ISACA) Benefits: • Health insurance • 401(k) retirement benefit • Paid time off • Parental leave • Tuition assistance • Entertainment and retail discounts • Employee Stock Purchase Plan • Well-being incentives • Certain paid holidays