Senior Analyst, Cyber Risk

Job Description An international law firm is looking for a Senior Analyst, Cyber Risk to join their security group. The Firm has more than 1,300 lawyers and has offices that span the globe from Boston, New York, Beijing, Brussels, Hong Kong, Houston, London, Los Angeles, Palo Alto, Sao Paulo, Tokyo and Washington, D.C. The Firm consistently ranks among the world's leading law firms. The Firm has the following practice areas: Corporate, Litigation, Banking & Credit, Capital Markets, Mergers & Acquisitions, Real Estate, Restructuring and Private Funds. They support clients in a variety of industries such as Energy (Oil & Gas, Power & Renewables), Financial Services, Healthcare & Life Sciences, Infrastructure, Technology, Insurance & Reinsurance, and Data Centers. The Senior Analyst, Cyber Risk will support the execution of the firm's cyber risk management lifecycle and report directly to the Manager, Cyber Risk. They will join a team of 4. This role will be 2-3 days onsite (Wed is mandatory) in their NYC office. This role will assist in maintaining and enhancing components of the cyber risk management framework, including controls management and testing, policy and standards documentation, and risk management processes. The individual will work closely with the Manager, Cyber Risk and cross-functional teams to support alignment with enterprise risk management practices and industry standards. The Analyst will also contribute to security awareness efforts and help promote a strong risk-aware culture across the Firm. The ideal candidate is an early to mid-career risk or cybersecurity professional with foundational knowledge of risk and compliance frameworks, controls testing concepts, risk management, and security policies and procedures. They should be detail-oriented, analytical, and eager to learn, with the ability to collaborate across teams.

ESSENTIAL JOB DUTIES & RESPONSIBILITIES

• Support the maintenance and enhancement of the firm's cyber risk management program in alignment with enterprise risk management and industry standards
• Assist with the administration of the controls inventory, including documentation and tracking of control testing activities
• Support control testing efforts by gathering evidence, documenting results, and identifying gaps or inconsistencies
• Contribute to the development and maintenance of policies, standards, and procedures
• Assist in maintaining the cyber risk register, including tracking remediation activities, and assessing risks
• Support the preparation of risk and control reporting, including KPIs and KRIs, for management review
• Help monitor compliance with relevant regulatory and industry frameworks (e.g., NIST, ISO 27001, SOC 2)
• Assist in identifying and documenting control deficiencies and support remediation tracking
• Collaborate with third-party security, data privacy, and enterprise risk teams on risk-related activities
• Support security awareness and training initiatives

Compensation:

$50/hr to $56/hr. Exact compensation may vary based on several factors, including location, skills, experience, and education. Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.

To learn more about how we collect, keep, and process your private information, please review

Insight Global's Workforce Privacy Policy:

https://insightglobal.com/workforce-privacy-policy/. Skills and Requirements

• 10+ years of experience in cybersecurity, technology risk, audit, or compliance-related roles
• Basic understanding of cybersecurity and risk management frameworks (NIST, ISO 27001, SOC)
• hands on with risk assessments
• Familiarity with control concepts and testing approaches
• Bachelor's degree or related experience required
• Professional certifications, such as

CISSP, CRISC, CISM, CISA, ISO 27001

Lead Auditor/Implementor

• GRC tooling experience
• Metrics & Awareness experience