Job Description

Cyber Security Risk Engineer
We are seeking a Cyber Security Risk Engineer with a robust background in the full suite of modern technologies employed within an enterprise environment. This role requires a deep understanding of operating systems (Windows, Linux, MacOS, and Mobile), cloud services (Google, Amazon, Microsoft to include M365), network infrastructure, technologies, and protocols as well as databases. The ideal candidate will be able to navigate conversations that range from very technical through to high level risks with a range of stakeholders. This is a stakeholder-facing role so the ability to accurately and effectively establish and maintain a customer-focused presence is essential.

Primary Responsibilities

Provide technical advice and guidance related to modern system architectures that meet stakeholder needs and provide functionality, security, and resilience by design. Collaborate closely with compliance, legal, IT, business stakeholders, and external clients to understand operational requirements, regulatory obligations, and risk tolerance. Serve as a technical point of contact for clients, addressing and managing their technical requirements, security concerns, and risk management needs. Conduct comprehensive risk assessments of information systems, applications, business processes, and underlying technical infrastructure and clearly document identified risks with accompanied compensating controls that address security gaps when standard controls are not feasible. Monitor the effectiveness of compensating controls and recommend improvements as needed to maintain compliance and reduce residual risk across diverse technical environments. Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and evolving enterprise technologies. Assist with incident response planning and post-incident risk evaluation, leveraging broad technical knowledge to assess impacts and recommend improvements.

Qualifications/Skills Required

Bachelor's degree in Cyber Security, Information Technology, Computer Science, or a related field with broad technical knowledge spanning all aspects of a modern enterprise environment. 5+ years of experience in information technology and / or information security, with a strong focus on enabling business objectives. Demonstrated experience working with information technology, information security, compliance, legal, business teams, and clients to assess and document security risks and compensating controls. Advanced knowledge of risk management frameworks (e.g., NIST, ISO 27001, CIS20) and regulatory requirements relevant to the financial sector is a plus. Exceptional analytical, communication, and report-writing skills, with the ability to translate complex technical issues into clear, actionable recommendations for both technical and non-technical audiences.

Desired Skills

Experience in the financial services sector or advisory work with a leading consulting firm. Familiarity with the design and evaluation of compensating controls in regulated environments. Ability to translate technical risks into business impacts and actionable recommendations. Experience presenting technical risk findings to executive leadership, clients, and non-technical stakeholders. * One or more of the following certifications: CISSP, CISA, CompTIA CySA+