Cybersecurity Risk Analyst

ECLARO

Manassas, VA

JOB DETAILS
SALARY
$67–$70 Per Hour
SKILLS
Access Control, Analysis Skills, Audience Development, Awareness Tracking, Best Practices, Business Continuity Planning (BCP), Business Intelligence, Business Operations, Business Solutions, CISA - Certified Information Systems Auditor, Cadence, Campaigns, Cisco Unity, Click Through Rate (CTR), Communication Skills, CompTIA Security+, Computer Science, Consulting, Content Management, Contract Requirements, Contract Review, Corporate Policies, Cross-Functional, Customer Relations, Customer Support/Service, Data Analysis, Data Modeling, Data Quality, Data Visualization, Dental Insurance, Detail Oriented, Disaster Recovery, Diversity, Documentation, Due Diligence, Electrical Utility, Energy & Utilities, Establish Priorities, Finance, Financial Services, Genetics, Healthcare, ISO (International Organization for Standardization), Information Technology & Information Systems, Instructional Design, International Electro-Technical Commission (IEC), Internet Security, Intranet, Knowledge Base, Leadership, Learning Management System (LMS), Licensing, Metrics, Microsoft Excel, Microsoft Infrastructure, Microsoft PowerPoint, Microsoft Product Family, Microsoft SharePoint, Onboarding, Online Training, Operational Support, Performance Metrics, Phishing, Pivot Tables, Policy Development, Power BI, Presentation/Verbal Skills, Procedure Development, Process Improvement, Project/Program Coordination, Purchasing/Procurement, Record Keeping, Regulations, Regulatory Compliance, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Scorecarding, Simulation, Social Engineering, Source Code/Configuration Management (SCM), Storytelling, Supply Chain, Systems Administration/Management, Team Player, Technical Leadership, Test Plan/Schedule, Testing, Time Management, Training Program, Training/Teaching, Training/Teaching Materials, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Management, Vendor/Supplier Relations, Vendor/Supplier Selection, Vision Plan, Web Analytics
LOCATION
Manassas, VA
POSTED
Today
Job Number: 26-01087

Use your skills where innovative technology solutions begin. ECLARO is looking for a Cybersecurity Risk Analyst for our client in Manassas, VA.

ECLARO’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!

Position Overview:
  • Seeking a results-driven and analytically minded Cybersecurity Risk Analyst to serve a dual mission within the Cybersecurity team: owning Third-Party Risk Management (TPRM) operations and supporting the organization's broader Cyber Governance & Risk.
  • The successful consultant will be the Subject Matter Expert (SME) for the TPRM program, currently administered through the SAFe platform, and will be equally responsible for insider threat monitoring, custom cybersecurity awareness training development, awareness metrics reporting, Disaster Recovery (DR) coordination, and executive-level risk reporting.
  • This role demands a practitioner who can translate technical risk data into clear business intelligence, build compelling Power BI dashboards and reports for leadership, and collaborate effectively across IT, Operations, and Procurement.
  • The ideal consultant brings hands-on TPRM experience, strong data visualization skills, and a passion for building programs that protect members, infrastructure, and operational continuity.

Responsibilities:
  • Other related duties may be assigned.
  • Third-Party Risk Management (TPRM) Operations:
    • Evaluate new and prospective vendors through structured cybersecurity risk assessments to determine cyber clearance eligibility before contract execution or system access.
    • Serve as the primary SME and platform administrator for the TPRM solution (SAFe), maintaining data integrity, configuring risk workflows, and driving continuous platform optimization.
    • Maintain and continuously update the enterprise vendor inventory, tracking risk tier classification, assessment status, contract dates, and lifecycle position for all third parties.
    • Execute structured vendor onboarding workflows, including security due diligence, contractual security requirements review, and formal risk acceptance documentation.
    • Monitor and triage automated vendor security alerts generated through SAFe; analyze alert severity and communicate actionable risk intelligence to the appropriate business and security stakeholders in a timely manner.
    • Manage vendor offboarding procedures, ensuring complete termination of data and system access, contractual closure, and record retention compliance.
    • Conduct periodic reassessments and ongoing monitoring of in-scope vendors according to risk tiering methodology and assessment calendar.
    • Develop and maintain Power BI dashboards and reports presenting vendor risk metrics, assessment completion rates, open risks, and trend analysis for leadership and risk committees.
  • Cyber Governance, Risk & Insider Threat:
    • Support Insider Threat program by monitoring behavioral risk indicators, documenting escalation procedures, and maintaining governance records.
    • Assist in the preparation of cybersecurity governance artifacts, including risk registers, policy documents, control metrics, and compliance reports aligned to NIST CSF and applicable regulatory frameworks.
    • Generate periodic cyber risk reports for IT leadership, audit, and regulatory audiences, summarizing risk posture, open findings, control gaps, and remediation status.
    • Build and maintain Power BI dashboards to visualize governance and risk metrics, control effectiveness trends, and risk KPIs across the organization.
    • Participate in risk assessment activities and support internal control evaluations relevant to IT environments.
  • Cybersecurity Awareness Training & Metrics Reporting:
    • Design and develop custom cybersecurity awareness training content tailored to the specific business operations and risk profiles of individual departments (e.g., Operations, Finance, Customer Engagement, Engineering).
    • Assist in collaborating with department leads to schedule, deploy, and track training completion across the organization.
    • Assist in administering phishing simulation campaigns; analyze results and produce actionable reports identifying at-risk user populations and trending behaviors.
    • Build and maintain Power BI dashboards tracking cybersecurity awareness KPIs, including training completion rates, phishing click-through rates, repeat offender trends, and department-level performance over time.
    • Assist in preparing and presenting monthly and quarterly Cyber Awareness Reports for leadership, translating program metrics into clear risk narratives and recommended actions.
    • Stay current with evolving social engineering tactics, threat actor techniques, and regulatory guidance (e.g., CISA advisories) to keep training content timely and impactful.
    • Evaluate training platform effectiveness and recommend enhancements or alternative tools to improve learner engagement and retention.
  • Disaster Recovery (DR) Coordination & Reporting:
    • Coordinate and facilitate Disaster Recovery testing exercises for core business applications in collaboration with technical SMEs across IT Operations.
    • Develop DR test plans, scoping documents, timelines, and stakeholder communication plans in coordination with system owners and application custodians.
    • Document test execution results, capture gaps or failures, and produce comprehensive post-exercise reports for IT leadership and executive stakeholders.
    • Track remediation of identified DR gaps to closure; maintain updated DR runbooks, test records, and lessons-learned logs.
    • Assist in the broader Business Continuity Planning (BCP) process as it pertains to cybersecurity resilience and recovery readiness.
  • SharePoint Intranet & Stakeholder Dashboard Publishing:
    • Design, build, and maintain dedicated SharePoint sites and pages serving as the centralized hub for cybersecurity communications, dashboards, and reporting artifacts.
    • Embed and publish Power BI reports directly into SharePoint pages, ensuring stakeholders can access live, role-appropriate dashboards without requiring Power BI licensing or direct platform access.
    • Develop audience-specific SharePoint pages tailored to the information needs of distinct stakeholder groups, including IT leadership, department managers, executive sponsors, audit/compliance teams, and general staff, applying role-based access controls and page permissions accordingly.
    • Maintain separate SharePoint views for TPRM metrics, cyber awareness training completion and phishing stats, governance and risk posture indicators, and DR testing results, ensuring content remains current and accurate.
    • Collaborate with department heads and business unit leads to understand their reporting consumption preferences and translate those needs into intuitive, self-service SharePoint dashboard pages.
    • Establish and enforce a publishing cadence (monthly, quarterly) for dashboard refreshes and narrative updates aligned to the governance reporting calendar.
    • Apply SharePoint governance best practices, including naming conventions, version control, content lifecycle management, and access review procedures.
    • Coordinate with IT infrastructure and Microsoft 365 administrators as needed for site provisioning, permissions architecture, and integration with Power BI Service workspaces.
  • Internal:
    • Communicate within the assigned department and with other departments to ensure understanding and achievement of department and organization goals and standards; provide the highest level of service to internal customers; exchange information and ideas for improvements in the department and organization; coordinate customer service activities, plans, and requirements; and improve the knowledge base of company policies, procedures, and programs.
    • Participate in staff meetings to develop and implement plans; monitor and revise strategies and programs; confer on mutual issues; exchange information; and share in the determination and formulation of policies and procedures.
  • External:
    • Provide the highest level of quality customer service to external customers through various forms of communication as well as proactive and professional relationships with customers, the business community, and the general public.

Required Qualifications:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or a closely related field.
  • Equivalent combination of education and demonstrated professional experience will be considered.
  • Minimum 3-5 years of progressive experience in cybersecurity, IT risk management, or a related GRC discipline.
  • Demonstrated experience operating or administering a formal TPRM program or third-party risk platform.
  • Proven ability to build Power BI reports and dashboards that translate security data into executive-ready metrics.
  • Experience developing and delivering cybersecurity awareness training and reporting program metrics.
  • Familiarity with Disaster Recovery planning, tabletop exercises, or DR test coordination.
  • Power BI Report & Dashboard Development
  • Vendor Risk Assessment & Lifecycle Management
  • TPRM Platform Administration (SAFe or Equivalent)
  • GRC Documentation & Control Mapping
  • Security Questionnaire Evaluation (SIG, Custom)
  • Phishing Simulation Analysis & Reporting
  • Cyber Awareness Metrics Tracking & Presentation
  • DR Test Planning, Facilitation & Post-Exercise Reporting
  • Insider Threat Monitoring Support
  • Advanced Microsoft Excel (Pivot Tables, Data Models)
  • Executive-Ready PowerPoint Presentations
  • SharePoint Site Management
  • Clear written & verbal communication at all org levels.
  • Executive-Level Risk Storytelling & Data Narration
  • Cross-Functional Stakeholder Engagement
  • Analytical Thinking & Risk Prioritization
  • Project Coordination & Deadline Management
  • Detail Orientation & Documentation Discipline
  • Ability to manage multiple concurrent workstreams.
  • Vendor Relationship Professionalism
  • Collaborative team player with independent initiative.
  • Adaptability in a fast-paced utility environment.
  • Continuous learning mindset in evolving threat landscape.
  • SharePoint site design and intranet page development.

Preferred Skills:
  • Experience in a regulated industry (electric utility, energy, financial services, or healthcare).
  • Hands-on experience with the SAFe TPRM platform or comparable solutions (OneTrust, ProcessUnity, Prevalent, BitSight, SecurityScorecard).
  • Working knowledge of NIST CSF (v2.0), NIST SP 800-161 (C-SCRM), or ISO/IEC 27036 supply chain risk standards.
  • Familiarity with Insider Threat frameworks and behavioral analytics monitoring.
  • Experience with Business Continuity Management frameworks (ISO 22301).
  • Background in Learning Management System (LMS) administration and instructional design principles for security awareness content.
  • Advanced Power BI skills: DAX measures, row-level security, scheduled refresh, paginated reports.
  • One or more of the following certifications:
    • PL-300: Microsoft Power BI Data Analyst
    • CTPRP: Certified Third Party Risk Professional
    • Security+: CompTIA Security+

Pay Rate: $67–$70 / Hour

If hired, you will enjoy the following ECLARO Benefits:
  • 401k Retirement Savings Plan administered by Merrill Lynch
  • Commuter Check Pretax Commuter Benefits
  • Eligibility to purchase Medical, Dental & Vision Insurance through ECLARO

If interested, you may contact:
Tim Cusick
Tim.cusick@eclaro.com
646-755-9317
Tim Cusick | LinkedIn

Equal Opportunity Employer: ECLARO values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status, in compliance with all applicable laws.

About the Company

ECLARO

Eclaro is a Business and Technology Consulting Firm that connects top talent with opportunities nationwide. We have direct access to Hiring Managers from leading Fortune 1000 organizations in almost every industry segment, with particular expertise in:

• Technology and Business Consulting
• Financial Services and Insurance
• Pharmaceuticals and Life Sciences
• Consumer Products, Public Sector, and Utilities

Eclaro provides fully customizable, comprehensive talent acquisition and management of seasoned professionals through a number of business models, including:

• Consulting
• Professional Hiring
• Global Integrated Delivery™
• Managed Services

Eclaro recruits and manages a staff of highly skilled individuals in an array of specialized disciplines enabling our clients to leverage new opportunities, respond to increased and changing demands, and increase their profitability.

Eclaro’s Management Team averages over 25 years of experience in partnering with clients in technical, corporate operations and human capital solutions. We hold ISO 9001:2008 certification and have achieved SOC 2 Type 2 certification in Security, Availability and Confidentiality. Eclaro’s decades of expertise and collaborative practice have proven that The Right People are The Answer.

COMPANY SIZE
500 to 999 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
1999
WEBSITE
http://www.eclaroit.com