The Cybersecurity Risk Analyst is a key member of the Digital & IT team, helping drive a culture of cybersecurity, improve risk posture, and enhance user-focused security practices across the enterprise.

This individual will serve as a backup to the Security Engineer(s), assisting with incident response, employee support, and cybersecurity projects. They will lead efforts to improve employee cybersecurity awareness, champion a Zero Trust approach to access and identity management, and help ensure business continuity and disaster recovery plans are in place, tested, and improved over time.

This role blends hands-on technical support with program management and education, making it ideal for someone who is both people-oriented and detail-driven.

Responsibilities ~Essential Job Functions

Security Operations Support

Act as a secondary resource for daily security monitoring, incident response, and vulnerability remediation.

Assist in configuring and managing tools related to endpoint protection, logging, email security, and access control.

Help execute security-related projects, such as patching programs, encryption rollouts, and policy enforcement.

Access Management & Zero Trust Initiatives

Help assess and improve identity and access management practices across systems.

Partner with IT teams to implement role-based access controls and Just-In-Time access principles.

Lead projects and process design supporting Zero Trust architecture, especially for remote access and SaaS tools.

Participate in account reviews and privilege audits to ensure appropriate access levels.

Cybersecurity Awareness & Culture

Develop and lead training and awareness campaigns to reduce employee-related cyber risk.

Manage phishing simulation programs and track effectiveness.

Deliver cybersecurity onboarding for new employees and ongoing training for all staff.

Serve as the go-to contact for employee questions related to phishing, passwords, or safe technology use.

Risk Management & Resilience

Own the development and maintenance of Business Continuity and Disaster Recovery plans.

Facilitate tabletop exercises and capture lessons learned to enhance resilience.

Collaborate with IT and business leaders to identify and reduce operational risk.

Contribute to regulatory, insurance, and customer security documentation as needed.

Governance, Policy, and Metrics

Assist in drafting and maintaining cybersecurity policies and procedures.

Track and report on training compliance, incidents, and risk KPIs.

Stay current on emerging cyber threats and security trends, providing proactive recommendations.

Coordinate with external vendors (e.g., MDR, IAM, phishing) and internal teams to support tool effectiveness and projects.

Qualifications

Minimum Requirements, Education & Experience (incl. KSA’s and certifications)

Bachelor’s degree in Cybersecurity, Information Technology, or a related field

2+ years in IT or cybersecurity roles, ideally with experience in user support, IAM, or risk management

Excellent communication and teaching skills; comfortable presenting to technical and non-technical audiences

Familiarity with Zero Trust concepts and tools (e.g., MFA, identity providers, conditional access)

Working knowledge of phishing, endpoint protection, and threat mitigation techniques

Strong organizational and documentation skills

Desirable Criteria & Qualifications

Security certifications (e.g., Security+, SSAP, GSEC, or similar)

Experience with identity & access management tools (e.g., Azure AD, Okta, Duo, etc.)

Experience managing phishing simulation platforms (Mimecast, KnowBe4)

Familiarity with business continuity planning and disaster recovery best practices

Experience conducting or facilitating tabletop exercises

Exposure to NIST, ISO 27001, or CIS Controls frameworks

Manufacturing, regulated industry, or multi-site IT experience