Sr. Cyber Risk Analyst

About The Position

Requirements

• Bachelor's Degree and 4 years of experience in Risk management, or financial analysis, or statistical modeling OR High School Diploma or GED and 8 years of experience in Risk management, or financial analysis, or statistical modeling
• 8+ years of experience in cybersecurity risk management, cybersecurity operations, governance, or related fields.
• Strong understanding of cybersecurity domains including Threat and Vulnerability Management, Identity & Access Management, Network Security & Architecture, Endpoint Security, Data Protection, and Encryption.
• Demonstrated experience performing complex risk assessments, control evaluations, and evidence-based risk analysis.
• Ability to interpret security standards and applicable regulations and frameworks.
• Proven ability to communicate and influence effectively at all organizational levels, including senior leadership.
• Strong analytical, critical thinking, and problem-solving skills.
• Exceptional written communication skills and attention to detail.
• Risk-Based Decision Making: Applies structured analysis to determine risk severity and justify recommendations.
• Technical Aptitude: Understands complex systems, architectures, and security controls.
• Influencing Skills: Guides stakeholders toward informed risk decisions while maintaining strong relationships.
• Judgment & Accountability: Exercises sound judgment in ambiguous or evolving situations.
• Quality & Rigor: Produces audit-ready documentation with precision and clarity.
• Collaboration: Works effectively across cybersecurity, technology, and business teams.

Nice To Haves

• Professional certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience working with security exception processes, GRC tools, or enterprise risk frameworks.
• Prior experience in financial services, heavily regulated industries, or environments with strong audit expectations.
• Familiarity with CVSS scoring, threat modeling methodologies, and likelihood/impact modeling.

Responsibilities

• Risk Assessment of Security Exceptions: Conduct end-to-end risk assessments for exceptions to information security standards, including detailed analysis of key risk data points, threat scenarios, and compensating controls. Evaluate likelihood and impact factors using defined methodologies to determine inherent risk ratings. Document assessment results clearly and comprehensively, including rationale, evidence, and recommended risk treatments. Ensure consistency and repeatability in risk scoring across the security exceptions portfolio.
• Control Effectiveness & Validation: Perform control effectiveness assessments on security controls leveraged within risk assessments. Review supporting documentation, evidence, and control designs to ensure applicability to standard exceptions.
• Evidence Collection & Analytical Review: Gather and analyze technical and procedural evidence from system owners, SMEs, and business units. Review architecture diagrams, vulnerability reports, IAM configurations, network flows, and other technical artifacts to inform risk decisions. Maintain high-quality documentation that is audit-ready and aligned with regulatory expectations.
• Stakeholder Engagement: Facilitate conversations with senior leaders, system owners, architects, SMEs, and risk teams to ensure clarity of risk posture and decision-making. Present complex cybersecurity concepts in a clear, concise manner appropriate for both technical and non-technical audiences. Provide subject matter expertise on security exceptions governance, risk methodology, and best practices.
• Governance & Continuous Improvement: Contribute to the enhancement of risk assessment methodologies and operations. Support audit and regulatory inquiries by providing well-structured documentation and risk analysis rationale. Identify opportunities for process and control improvements across the cybersecurity risk and exceptions lifecycle.

Benefits

• Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.