Strategic Education, IncRemote
Principal IT Risk Management Analyst
United States
Full Time
1 day ago
$119,300 - $178,900 USD
No Visa Sponsorship
Key skills
Cyber SecurityArtificial IntelligenceMachine LearningLeadershipRisk ManagementMentoringDecision Making
About this role
Role Overview
- Lead and evolve the IT security risk management program in alignment with organizational goals, risk appetite, and risk tolerance
- Partner with executive leadership to shape risk strategy and drive enterprise-wide adoption
- Serve as a key advisor on risk posture, translating technical findings into strategic business decisions
- Identify, assess, and quantify technology risks by evaluating cybersecurity threats, operational vulnerabilities, and emerging technology risks using qualitative and quantitative methodologies
- Conduct risk assessments using established frameworks, including NIST CSF and CIS Controls v8
- Translate technical findings into clear, actionable business risk and support risk-based decision making
- Manage and maintain the enterprise IT risk register, including risk ownership, scoring, and lifecycle tracking
- Design and implement IT security risk mitigation strategies and controls aligned with industry standards
- Lead the risk exception management process, including evaluation, documentation, and risk acceptance decisions
- Provide risk-informed guidance for complex technology initiatives, including emerging areas such as artificial intelligence and machine learning
- Integrate IT security risk management practices into business and technology processes
- Define and evolve risk metrics, key risk indicators (KRIs), and risk appetite thresholds
- Develop dashboards and reporting that translate risk data into actionable insights for executive and board-level audiences
- Communicate complex risk concepts clearly to both technical and non-technical stakeholders
- Drive adoption of IT security risk platforms and workflow automation to improve efficiency and scalability
- Identify and implement automation opportunities across risk management workflows
- Continuously enhance risk methodologies, tools, and processes
- Stay current on the evolving threat landscape, emerging technologies, and industry practices
- Mentor and guide junior team members in direct or matrixed reporting relationships
Requirements
- 5+ years of IT risk management experience, with a focus on risk assessment, quantification, and risk register ownership (not primarily compliance or audit)
- 3+ years mentoring or leading team members
- Demonstrated experience mentoring analysts while owning and delivering discrete risk workstreams or program components
- Experience conducting risk assessments aligned to NIST CSF, CIS Controls v8, or similar frameworks
- Experience managing an IT risk register, risk exception processes, and residual risk documentation
- Experience developing risk metrics, dashboards, and executive reporting
- Experience with GRC platforms and workflow automation in a risk context
- Experience managing risks related to emerging technologies, including artificial intelligence
- Bachelor's degree in a relevant discipline required; Master’s degree preferred
- Preferred certifications: CRISC (ISACA), CISSP (ISC²), CISM (ISACA), CompTIA Security+, CompTIA CySA +, CompTIA CASP+, CGEIT (ISACA)
Tech Stack
- Cyber Security
Benefits
- Health insurance
- 401(k) retirement benefit
- Paid time off
- Parental leave
- Tuition assistance
- Entertainment and retail discounts
- Employee Stock Purchase Plan
- Well-being incentives
- Certain paid holidays