What are the responsibilities and job description for the Risk and Governance Analyst position at Compunnel Inc.?
Job Details
Job Summary

The Risk and Governance Analyst collaborates with various business groups to identify, measure, manage, and report organizational and enterprise risks. This role leverages expertise in both cyber and physical security to recommend effective mitigations and enhance the overall security posture of the company.

Key Responsibilities

- Conduct comprehensive risk assessments for cyber and physical security threats.
- Participate in developing and maintaining formal security policies, procedures, and methodologies for information systems and IT/OT infrastructure.
- Identify, document, and report security risks and exposures.
- Evaluate system architectures and recommend security control designs to strengthen defenses.
- Prepare detailed security analysis and findings reports.
- Collect and analyze historical system access data and generate reports.
- Coordinate resolution of issues recorded in the risk register.
- Stay current with application system technologies/products and recommend tactical and strategic upgrades.
- Support complex application systems and business processes.
- Develop and deliver security training and awareness programs.
- Coordinate internal and third-party audits.
- Prepare reports and presentations for senior management and stakeholders.
- Participate in governance teams to interpret business issues and recommend best practices.
- Suggest improvements to business processes supported by application systems.
- Perform additional duties as assigned.

Required Qualifications

- Working knowledge of security procedures for information systems and IT/OT infrastructure.
- Understanding of hardware, software, networks, operating systems, databases, and applications.
- Deep knowledge of System/Solution Delivery Lifecycle (SDLC).
- Familiarity with governance frameworks such as SOX, NIST, NERC, COBIT, ITIL, ISO.
- Proven ability to develop effective presentations and briefings for all organizational levels.
- Experience in risk assessments, application security, control design, vulnerability assessments, or penetration testing.
- Excellent verbal and written communication skills.
- Strong leadership, analytical, and problem-solving skills.
- Ability to work collaboratively in a fast-paced team environment.
- Skilled in investigating and analyzing information to draw conclusions.
- Ability to plan, implement, test, and troubleshoot system software.
- Ability to communicate technical guidance to users.

Preferred Qualifications

- Bachelor's Degree OR 8 years of directly related experience.
- Minimum 4 years in risk management, governance, or security roles.

Certifications

- CISSP, CISM, or CRISC certifications are desired.

Working Conditions

- Office environment with extensive computer use.
- May require travel.
- Ability to work outside normal hours to meet deadlines and support needs.

Education: Bachelor's Degree
Certification: Certified Information Systems Security Professional, Certified Information Security Manager
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.