Information Security Risk Analyst

Job description

Your Impact The Information Security Risk Analyst is responsible for identifying, assessing, tracking, and communicating information security risks across the organization. This role supports a maturing cybersecurity program by managing acceptable enterprise and third-party risks and leading security training initiatives. About CivicPlus: At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured. What You’ll Do: As an InfoSec Risk Analyst, you will: - Identify and translate inherent and residual risk through likelihood, impact, treatment plans, and ownership. - Define and track risk and awareness key metrics to measure program effectiveness and communicate to leadership and governance committees. - Conduct and manage enterprise information security risk assessment through recognized frameworks (including NIST 800-30) and maintain an information security risk register. - L...