Intermediate Cybersecurity Risk Analyst to perform risk assessments and enable compliance

Our large Oil & Gas industry client is seeking an Intermediate Cybersecurity Risk Analyst to perform risk assessments and enable compliance.

Initial full-time contract until Dec 15, 2026, with a possibility of extension.

100% Remote Contract within MST hours of operation!

Position Overview: Responsible for managing the lifecycle of cybersecurity risk assessments for corporate digital environment, industrial control systems (ICS) environments, and third-parties in addition to identifying current/emerging security risks based on the output of the assessments.

Must-Haves:

• A minimum of four (4+) or more years of Cybersecurity, Risk Management, or related experience
• Proven experience managing and identifying cybersecurity risk for a large, enterprise environment
• Demonstrated understanding of cybersecurity business processes, industry best practices, cybersecurity controls and related standards such as NIST CSF, NIST SP 800 53, and/or ISO/IEC 27001 & 27002.
• Demonstrated strong understanding of the IT security landscape, including emerging risks and security solutions

Nice-to-Haves:

• ICS/ SCADA experience.
• Understanding of network architectures, including on-premise, cloud, and hybrid environments.
• Familiarity with common network components and technologies, such as firewalls, routers, switches, VPNs, and network segmentation.
• Risk management certifications are considered an asset (e.g. CISA).
• Previous work experience and an overall understanding of the energy industry.

Key Responsibilities:

• Perform cybersecurity risk assessments based on established cybersecurity risk framework and processes
• Facilitate business impact assessment to support cybersecurity risk assessments
• Communicate cybersecurity risk to business owners and managers
• Report on cybersecurity risk and manage their life cycle with stakeholders
• Drive development, implementation and automation of risk management tools and processes
• Identify and analyze complex business and technology risks
• Recommend cost effective and appropriate risk control to reduce cybersecurity risk
• Enter, update, and maintain accurate risk information within the cybersecurity risk register in accordance with established procedures.
• Conduct research to maintain and expand knowledge on the latest cybersecurity controls and standards, as well as the threat and vulnerability landscape
• Manage and provide cybersecurity risk support to project activities across the enterprise
• Collaborate with the Manager GRCR, GRCR team, other Enterprise Security team members, IS teams and business units on all areas related to cybersecurity