Blue Chip Talent

IT Risk & GRC Analyst - #25437

Blue Chip Talent, Southfield, Michigan, United States, 48076

Overview

We are seeking a Cybersecurity Risk & GRC Analyst to lead and mature our IT and cybersecurity risk management program. This role is best suited for a professional who has owned and led a cyber risk register, defined risk metrics and processes, and performed vendor and third-party security risk assessments. This is not an audit-only role. While audits and compliance are part of the ecosystem, the primary focus is risk identification, assessment, tracking, and mitigation across the organization.

Key Responsibilities

- Own and manage the IT/cyber risk register, including:
  - Risk methodology and scoring
  - Metrics, reporting, and dashboards
  - Risk lifecycle management and remediation tracking
- Lead IT and cybersecurity risk assessments, documenting risks, impacts, likelihood, and treatment plans
- Support and enhance the vendor and third-party risk management process, including:
  - Reviewing vendor security assessments
  - Mapping vendor controls to internal and external frameworks
  - Supporting cybersecurity reviews during onboarding and renewals
- Use a GRC platform (LogicGate) to document and track risks, controls, and assessments
- Map risks and controls to frameworks such as NIST CSF, ISO 27001, FedRAMP, CCSK
- Coordinate with internal teams to monitor the effectiveness of security controls
- Contribute to the development and updates of security policies and standards (policy ownership is not required)
- Support security incident response activities as needed (supporting role only)
- Contribute to security and risk requirements for new systems and initiatives
- Assist with AI risk and governance assessments, aligned to NIST CSF

Required Skills

- 5+ years of experience in one or more information security domains, such as:
  - Vendor or third-party risk management
  - Security governance or GRC
- Must have experience leading or owning a cyber risk register
- Hands-on experience with vendor security assessments and control mapping
- Strong understanding of risk frameworks and methodologies
- Familiarity with frameworks such as NIST CSF and ISO 27001
- Strong communication skills and experience working cross-functionally

Preferred Qualifications

- Experience supporting Federal agency programs (e.g., FedRAMP)
- Experience with AI governance or AI risk management
- Experience with GRC platforms (LogicGate or similar)
- One or more certifications:
  - CRISC
  - CISSP
  - CCSK / CSA

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Analyst

Industries: Technology, Information and Media