IT Cyber Security Risk Analyst
Cretex Companies, Inc. · Elk River, MN · Yesterday
Information Technology$61k/yrFull-time
Responsibilities
- Act as a secondary resource for daily security monitoring, incident response, and vulnerability remediation.
- Aid in configuring and managing tools related to endpoint protection, logging, email security, and access control.
- Execute security-related projects such as patching programs, encryption rollouts, and policy enforcement.
- Assess and improve identity and access management practices across systems.
- Partner with IT teams to implement role-based access controls and Just-In-Time access principles.
- Lead projects and process design supporting Zero Trust architecture, especially for remote access and SaaS tools.
- Participate in account reviews and privilege audits to ensure appropriate access levels.
- Develop and lead training and awareness campaigns to reduce employee-related cyber risk.
- Manage phishing simulation programs and track effectiveness.
- Deliver cybersecurity onboarding for new employees and ongoing training for all staff.
- Serve as the go-to contact for employee questions related to phishing, passwords, or safe technology use.
- Own the development and maintenance of Business Continuity and Disaster Recovery plans.
- Facilitate tabletop exercises and capture lessons learned to enhance resilience.
- Collaborate with IT and business leaders to identify and reduce operational risk.
- Contribute to regulatory, insurance, and customer security documentation as needed.
- Aid in drafting and maintaining cybersecurity policies and procedures.
- Track and report on training compliance, incidents, and risk KPIs.
- Stay current on emerging cyber threats and security trends, providing proactive recommendations.
- Coordinate with external vendors (e.g., MDR, IAM, phishing) and internal teams to support tool effectiveness and projects.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- 2+ years in IT or cybersecurity roles, ideally with experience in user support, IAM, or risk management.
- Excellent communication and teaching skills; comfortable presenting to technical and non-technical audiences.
- Familiarity with Zero Trust concepts and tools (e.g., MFA, identity providers, conditional access).
- Working knowledge of phishing, endpoint protection, and threat mitigation techniques.
- Strong organizational and documentation skills.
- Security certifications (e.g., Security+, SSAP, GSEC, or similar) are desirable.
- Experience with identity & access management tools (e.g., Azure AD, Okta, Duo, etc.) is desirable.
- Experience managing phishing simulation platforms (Mimecast, KnowBe4) is desirable.
- Familiarity with business continuity planning and disaster recovery best practices is desirable.
- Experience conducting or facilitating tabletop exercises is desirable.
- Exposure to NIST, ISO 27001, or CIS Controls frameworks is desirable.
- Manufacturing, regulated industry, or multi-site IT experience is desirable.
Pay
Pay Range: USD $60,800.00 - USD $91,200.00 /Yr.