Jobs · Finance · Pennsylvania

Cyber Security Risk Analyst

Alcoa · Pittsburgh, PA · 2 wk ago
FinanceFull-time

About the role

The Cyber Security Risk Analyst serves as a key contributor to the cybersecurity risk management program, providing subject matter expertise in identifying, assessing, and managing risks across both Information Technology (IT) and Operational Technology (OT) environments.

Responsibilities

  • Contribute to the development, implementation, and continuous improvement of the Cybersecurity Risk Management Program, including frameworks, methodologies, policies, standards, and supporting tools.
  • Perform cybersecurity risk assessments across IT, OT, cloud, and third-party environments, including enterprise systems and manufacturing/process control systems (PCS).
  • Facilitate risk workshops with technical and business stakeholders to evaluate risks associated with new technologies, projects, and operational changes.
  • Serve as a subject matter expert on risk methodology, scoring, and evaluation.
  • Maintain and enhance the cybersecurity risk register, including risk scoring, treatment plans, and residual risk tracking.
  • Support and guide risk treatment strategies (mitigation, acceptance, transfer, avoidance) and partner with compliance teams to design and implement appropriate controls.
  • Translate technical risk findings into clear business and operational impact statements for non-technical audiences and senior leadership.
  • Advise leadership on risk exposure, trends, and residual risks, including impacts to business operations and production.
  • Define, monitor, and report Key Risk Indicators (KRIs) and emerging threat trends.
  • Support audit, regulatory, and compliance activities (e.g., ISO 27001, NIST, SOC) related to cybersecurity risk management.
  • Collaborate with Enterprise Risk Management (ERM) and Operations Risk Management teams to ensure alignment and integration of cybersecurity risks into broader risk reporting.
  • Build and maintain strong relationships with stakeholders across IT, OT, business units, and risk management functions.
  • Continuously monitor evolving cyber threats, emerging technologies, and industry practices to enhance risk management processes and capabilities.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, Risk Management, or a related discipline; equivalent professional experience may be considered in lieu of a degree.
  • 6+ years of experience in cybersecurity, IT risk management, information security, governance, compliance, or IT operations within enterprise environments.
  • Demonstrated experience assessing cybersecurity risk across IT and OT environments; experience in manufacturing or industrial organizations preferred.
  • Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800-53, CIS Controls, SOX).
  • Proven experience executing core GRC activities, including risk assessments, policy and standard development, control validation, audit support, and remediation tracking.
  • Expertise in cybersecurity governance, risk assessment, and compliance program implementation.
  • Experience using Governance, Risk, and Compliance (GRC) tools and risk reporting dashboards.
  • Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis.
  • Excellent written, verbal, and facilitation skills, with the ability to translate complex technical risks into clear business impacts.
  • Demonstrated ability to collaborate effectively with cross-functional stakeholders, including technical teams, operations, and senior leadership, while managing multiple priorities in fast-paced environments.

Preferred Qualifications

  • Relevant industry certifications such as CISSP, CISM, CRISC, CISA, CGRC, Security+, GRCP, or equivalent.
  • Experience with third-party/vendor risk management, regulatory compliance assessments, and security awareness programs.
  • Experience supporting global environments and contributing to enterprise-wide security or compliance initiatives.
  • Experience supporting audits and assurance activities, including ISO/IEC 27001 certification and SOC report reviews.
  • Familiarity with security operations capabilities, including SIEM, log analysis, and event monitoring for compliance and incident response.
  • Understanding of enterprise security domains, including cloud security, infrastructure security, and identity and access management (IAM).
  • Working knowledge of project management methodologies and practices.
  • Experience in metals, mining, manufacturing, or other heavy industrial environments.

Similar jobs

Cyber Risk Analyst

New York City Office of Technology & InnovationBrooklyn, NY· 2 wk ago
Financeapply on cityjobs.nyc.gov