About this role
Cyber Risk Analyst helps reduce the cyber risk posed by third parties and protects S&P Global brands from attacks via vendor relationships. Responsibilities include risk assessments, recertifications, and continuous monitoring within Vendor Risk Management.
Key Responsibilities
- Conduct risk assessments of cybersecurity and business continuity controls for third-party vendors
- Collaborate with internal teams to identify critical vendors and assess impact
- Communicate risk findings to senior management, legal, and compliance
- Work with vendors to address security gaps and ensure compliance
- Monitor continuous vendor risk through the continuous monitoring program and ad-hoc projects
Technical Overview
Focus on vendor risk management, third-party risk, information security controls, and cloud security across AWS, Azure, and Google Cloud Platform with regulatory compliance considerations.
Ideal Candidate
The ideal candidate is a mid-level cyber risk analyst with 3-5 years of information security or technology risk management experience, strong vendor risk management exposure, and cloud security knowledge, able to communicate with senior leadership.
Must-Have Skills
Bachelor's degree in computer science or engineering or equivalent3-5 years of experience in Information Security or Technology Risk ManagementDemonstrable understanding of technology controls and information security controlsExcellent communication skills
Nice-to-Have Skills
UK shift availabilitystrong organizational skillsability to build strategic partnershipscritical thinkerInformation Security/Risk Management certification would be an advantageExperience with vendor risk management and privacy laws (plus)
Required Skills
Bachelor's degree in computer science or engineering or equivalent3-5 years of information security or technology risk managementvendor risk managementcloud securityrisk assessmentscontinuous monitoringinformation security controlsAWSMicrosoft AzureGoogle Cloud PlatformGCPregulatory compliance
Hard Skills
CybersecurityInformation SecurityVendor Risk ManagementControl Risk AssessmentsRisk RecertificationsContinuous MonitoringThird-Party RiskCloud TechnologiesAmazon Web ServicesAWSMicrosoft AzureGoogle Cloud PlatformGCPPublic CloudAI for Cloud Service ProvidersNon-Cloud Service ProvidersVendor risk governanceRegulatory complianceSecurity posture assessmentIT governance
Soft Skills
communicationstakeholder managementcollaborationanalytical thinkingproblem solvingcritical thinking
Certifications
Preferred
Information Security certificationRisk Management certification
Keywords for Your Resume
cyber risk analystvendor risk managementcontrol risk assessmentsrisk recertificationscontinuous monitoringinformation securitycybersecuritythird-party riskcloud securityAmazon Web ServicesAWSMicrosoft AzureGoogle Cloud PlatformGCPprivacy lawsregulatory requirementsstakeholder managementIT governancesecurity posture assessmentrisk assessmentsregulatory compliance
Deal Breakers
Lack of 3-5 years in information security or technology risk management, No vendor risk management experience, No cloud security experience
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile