IT Risk & GRC Analyst - #25437

Blue Chip Talent • Southfield, MI, US • 1d ago

Overview

We are seeking a Cybersecurity Risk & GRC Analyst to lead and mature our IT and cybersecurity risk management program. This role is best suited for a professional who has owned and led a cyber risk register, defined risk metrics and processes, and performed vendor and third-party security risk assessments.

This is not an audit-only role. While audits and compliance are part of the ecosystem, the primary focus is risk identification, assessment, tracking, and mitigation across the organization.

Key Responsibilities:

Own and manage the IT/cyber risk register, including:
Risk methodology and scoring
Metrics, reporting, and dashboards
Risk lifecycle management and remediation tracking
Lead IT and cybersecurity risk assessments, documenting risks, impacts, likelihood, and treatment plans
Support and enhance the vendor and third-party risk management process, including:
Reviewing vendor security assessments
Mapping vendor controls to internal and external frameworks
Supporting cybersecurity reviews during onboarding and renewals
Use a GRC platform (LogicGate) to document and track risks, controls, and assessments
Map risks and controls to frameworks such as NIST CSF, ISO 27001, FedRAMP, CCSK
Coordinate with internal teams to monitor the effectiveness of security controls
Contribute to the development and updates of security policies and standards (policy ownership is not required)
Support security incident response activities as needed (supporting role only)
Contribute to security and risk requirements for new systems and initiatives
Assist with AI risk and governance assessments, aligned to NIST CSF

Required Skills: