Cyber Risk Analyst III

Job description

Overview

This position provides cybersecurity risk management and expert support at the highest level of cybersecurity governance and oversight, with primary responsibility for cyber risk identification and mitigation across the organization.

The role evaluates risks, identifies control gaps, and partners with stakeholders to implement mitigation strategies that strengthen the organization’s security posture.

Serves as a subject matter expert in risk assessment practices and cybersecurity domains, contributes to broader cyber risk oversight, recommends and monitors enhancements to processes and procedures, and provides reporting and analysis in support of strategic objectives.

Cyber Risk Assessments – Leads and executes cybersecurity risk assessments across cyber domains, business units, and technology environments.

Evaluates control effectiveness against established frameworks and regulatory expectations, identifies risk exposures, and documents findings in clear, actionable terms.

Risk Identification and Mitigation – Identifies potential risks across operational, technology, and regulatory domains.

Works with stakeholders to define and track remediation plans, ensuring timely and effective resolution of identified issues.

Facilitates risk mitigation strategies aligned to business objectives and regulatory standards.

Framework Application – Applies industry-standard frameworks (e.g., NIST Cybersecurity Framework (CSF), NIST SP 800-53, ISO 27001, FFIEC guidelines) to assess and benchmark the organization’s risk posture.

Conducts gap analyses, interprets requirements, and provides recommendations for closing compliance or control gaps.

Cyber Technical Expertise – Leverages strong technical knowledge of core cybersecurity domains (e.g., identity and access management, network security, cloud security, endpoint protection, vulnerability management, and security architecture) to effectively assess risks and validate control implementation.

Provides informed insights on technical risk mitigation strategies.

Stakeholder Partnership – Collaborates with business, technology, and control owners to communicate assessment results, educate stakeholders on risk management expectations, and promote awareness of cybersecurity risks.

Supports a culture of accountability and continuous improvement in risk management practices.

Monitoring and Reporting – Develops and maintains risk assessment reports and dashboards.

Communicates trends, patterns, and emerging risks to leadership, providing transparency into the organization’s cyber risk profile.

Tracks remediation progress, escalates overdue actions, and highlights areas requiring additional oversight.

Continuous Improvement – Maintains awareness of changes in industry standards, threat landscape, and regulatory requirements.

Incorporates emerging practices into the organization’s risk assessment methodology, ensuring assessments remain relevant and effective.

Remote eligible.

Preferred Qualifications

This job posting is expected to remain active for 45 days from the initial posting date listed above.

If it is necessary to extend this deadline, the posting will remain active as appropriate.

Job postings may come down early due to business need or a high volume of applicants.

The base pay for this position is generally between $102,000 and $157,000.

Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law.

For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

First Citizens benefits programs are designed to meet our associates where they are in life.

Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined.

More information regarding our benefits offerings can be found here: benefits.

Cyber Risk Assessments – Leads and executes cybersecurity risk assessments across cyber domains, business units, and technology environments.

Evaluates control effectiveness against established frameworks and regulatory expectations, identifies risk exposures, and documents findings in clear, actionable terms.

Risk Identification and Mitigation – Identifies potential risks across operational, technology, and regulatory domains.

Works with stakeholders to define and track remediation plans, ensuring timely and effective resolution of identified issues.

Facilitates risk mitigation strategies aligned to business objectives and regulatory standards.

Framework Application – Applies industry-standard frameworks (e.g., NIST Cybersecurity Framework (CSF), NIST SP 800-53, ISO 27001, FFIEC guidelines) to assess and benchmark the organization’s risk posture.

Conducts gap analyses, interprets requirements, and provides recommendations for closing compliance or control gaps.

Cyber Technical Expertise – Leverages strong technical knowledge of core cybersecurity domains (e.g., identity and access management, network security, cloud security, endpoint protection, vulnerability management, and security architecture) to effectively assess risks and validate control implementation.

Provides informed insights on technical risk mitigation strategies.

Stakeholder Partnership – Collaborates with business, technology, and control owners to communicate assessment results, educate stakeholders on risk management expectations, and promote awareness of cybersecurity risks.

Supports a culture of accountability and continuous improvement in risk management practices.

Monitoring and Reporting – Develops and maintains risk assessment reports and dashboards.

Communicates trends, patterns, and emerging risks to leadership, providing transparency into the organization’s cyber risk profile.

Tracks remediation progress, escalates overdue actions, and highlights areas requiring additional oversight.

Continuous Improvement – Maintains awareness of changes in industry standards, threat landscape, and regulatory requirements.

Incorporates emerging practices into the organization’s risk assessment methodology, ensuring assessments remain relevant and effective.

Remote eligible.

Preferred Qualifications

This job posting is expected to remain active for 45 days from the initial posting date listed above.

If it is necessary to extend this deadline, the posting will remain active as appropriate.

Job postings may come down early due to business need or a high volume of applicants.

The base pay for this position is generally between $102,000 and $157,000.

Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law.

For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

First Citizens benefits programs are designed to meet our associates where they are in life.

Full-time associates (20+ hours) are offered a comprehensive benefits program, with customized offerings, including those designed to support families, however defined.

More information regarding our benefits offerings can be found here: benefits.

Required Skill Profession

Computer Occupations