Associate Cybersecurity Risk Analyst

About the Role

Impact you will make

The Associate Cybersecurity Risk Analyst is a member of FinThrive's Information Security team. The Information Security team is responsible for strategy, execution, and governance of information security at FinThrive. In the Associate Cybersecurity Risk Analyst role, you will be supporting the Information Security team's objectives of conducting third party security risk assessments, conducting enterprise-wide security risk assessments, ensuring compliance with regulatory and contractual security requirements, and leading special projects that build our security program.

What you will do

• Third Party Risk Management:




• Partner in operationalizing third party security risk management to all areas of the business, by identifying, assessing, and communicating risk introduced by third parties, and recommending remediation and/or mitigation strategies
• Assist with updates and development of Third-Party related policies, procedures, training, and communication of the program across the enterprise.




• Enterprise Security Risk Management:




• Manage our risk register and perform enterprise level security risk analysis, including identifying risks, impact, and developing corrective action plans to address risks




• Lead cross functional security initiatives and special projects
• Develop metrics and provide leadership with status reporting on operational initiatives and KRIs
• Create presentation materials and lead discussion for key stakeholder meetings
• Supports FinThrive's Audit and Compliance Program by understanding and facilitating adherence to HITRUST, HIPAA, SOC, and other requirements from an information security perspective
• Represent and advocate for continually improving FinThrive's security posture
• Assist in the development and implementation of security policies and procedures
• Maintain expertise in industry trends, cybersecurity frameworks, and best practices

What you will bring

• Up to 3 years of experience in information security or risk management
• 1 year of 3^rd party risk Management
• A strong understanding of risk management frameworks and methodologies (threats, risks, controls)
• Eagerness to learn and implement new technologies and processes (GRC platforms, AI and automation tools, etc.)
• Critical thinking, ability to analyze problems and propose solutions
• Detail-oriented with strong organization, prioritization, and time management skills
• Ability to lead presentations and communicate technical concepts to a variety of stakeholders
• Ability to lead security initiatives and grow security programs
• Familiarity with SaaS architecture, web applications, Microsoft Office products, and cloud environments

What we would like to see

• Bachelor's degree in Computer Science, Information Technology, or related field
• Experience working with Azure and GRC tools
• An industry certification such as CompTIA Security+ or equivalent