
Cyber Risk Management Analyst (Brooklyn)
Paragon IT Professionals, Brooklyn, NY, United States
Location:
Hybrid – Brooklyn, NY
Duration:
2-year contract (+ potential 2-year extension)
Overview
We are seeking an experienced Cybersecurity GRC Analyst to support a large-scale, multi-year initiative focused on enterprise risk management, compliance, and security awareness. This is a key personnel role requiring strong expertise in federal security frameworks and governance practices.
Key Responsibilities
Lead enterprise-wide risk assessments to identify, evaluate, and prioritize cybersecurity risks
Ensure compliance with NIST SP 800-53 and NIST SP 800-37 (RMF) through audits and Security Impact Analyses
Maintain and manage the enterprise Risk Register and oversee the full POA&M lifecycle
Monitor and report cyber risks using dashboards, metrics, and executive-level reporting
Design and deliver security awareness programs, including phishing simulations
Collaborate with Cybersecurity Engineers and Business Analysts to define compliance controls and remediation priorities
Develop automated reporting, including risk heat maps and security posture insights
Required Qualifications
3+ years of experience in cybersecurity, risk, or GRC roles
Strong knowledge of GRC methodologies, TPRM, and federal compliance frameworks (FISMA, NIST)
Experience with risk tracking, POA&M management, and security assessments
Hands-on experience with security awareness program development
Required Certifications (One of the Following)
CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC
Technical Skills
GRC Platforms (e.g., Archer, ServiceNow)
TPRM Tools (e.g., OneTrust, Prevalent)
Security Awareness Platforms (e.g., KnowBe4, Proofpoint)
Microsoft Power BI, Advanced Excel
JIRA