Senior Analyst, Cyber Risk & Compliance (f/m/d)
Indexed description
The ideal candidate is a strong execution-oriented practitioner with hands-on experience in risk identification, control assessment, risk analysis, GRC platform administration/use, and reporting, along with a solid understanding of the NIST Cybersecurity Framework (CSF) and NIST Risk Management Framework (RMF).
Your role
- Conduct cybersecurity and IT risk assessments across systems, applications, infrastructure, business processes, and third parties, as applicable.
- Use ServiceNow IRM or similar GRC tools to manage risk workflows, control records, issues, exceptions, and reporting.
- Perform control assessments to evaluate control design, implementation, and operating effectiveness.
- Identify and document threats, vulnerabilities, control gaps, business impacts, and residual risks.
- Maintain the cyber risk register, including risk scoring, ownership, treatment plans, and remediation status.
- Track and follow up on risk remediation and corrective action plans with control owners and stakeholders.
- Prepare risk posture dashboards, reports, KRIs, and summaries for leadership and governance forums.
- Support alignment with applicable regulatory and framework requirements, including NIST, NIS2, DORA, ISO 27001/27005, and PCI DSS.
- Partner with cybersecurity, IT, compliance, audit, legal, and business teams to gather evidence, validate findings, and support remediation efforts.
- Contribute to audit, compliance, and regulatory readiness activities by maintaining clear and accurate risk and control documentation.
- Analyze risk trends and recurring control issues to support continuous improvement of the risk management program.
- Assist in strengthening and standardizing risk assessment methodologies, templates, and reporting processes.
- 4-7+ years of experience in cybersecurity, IT risk, information security, audit, or compliance.
- Hands-on experience with risk assessments, control assessments, risk registers, and risk/reporting processes.
- Strong knowledge of NIST CSF and NIST RMF, with familiarity in NIS2, DORA, ISO 27001/27005, PCI DSS, and related frameworks.
- Hands-on experience with ServiceNow IRM / GRC platforms is a must.
- Strong analytical, documentation, communication, and stakeholder management skills.
- Ability to translate technical findings into clear business risk language.
- Bachelor’s degree in a related field; certifications such as CRISC, CISA, CISSP, or CISM are preferred.
- Fluent English language knowledge and good German language needed.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search