Description

What is VBG:

Veteran Benefits Guide has been proud to serve our nation’s service members for more than 10 years. Founded by a U.S. Marine Corps Veteran, VBG assists Veterans through the challenging VA claims process to efficiently secure their hard-earned benefits. Now operating with more than 225 team members nationwide, VBG has helped over 55,000 Veterans through the VA claims process. The company is dedicated to honoring service and supporting the Veteran community through ongoing advocacy, community partnerships, and meaningful opportunities within its workforce.

What we are looking for:

The Senior Cyber Risk Analyst is responsible for leading enterprise cyber risk management activities, maintaining security and IT policy governance, and providing clear, actionable risk insights to senior leadership. This role partners closely with technology, legal, product, and business teams to identify, assess, and remediate cyber risks across the organization.

This position is open to candidates located in the following states: Arizona (AZ), Washington (WA), Nevada (NV), Utah (UT), Illinois (IL), Ohio (OH), New Jersey (NJ), Virginia (VA), North Carolina (NC), and Florida (FL).

Essential Functions:

Reasonable accommodation may be provided to enable individuals with disabilities to perform essential functions.

• Own and maintain the organization’s information security and IT policies, ensuring align with industry standards and are functionally enforceable in the organization.
• Develop risk posture reporting for senior leadership, including risk assessments, control effectiveness, and risk register updates, tailoring depth and messaging to technical and executive audiences
• Manage the control framework and library by identifying control gaps across technology domains and leading annual control testing and enterprise security assessments
• Lead enterprise cyber risk management activities including identifying and quantifying cybersecurity risks using standardized risk rating methodologies 
• Maintain the enterprise risk register and oversee cybersecurity remediation efforts while advising on compensating controls and interim risk treatment strategies
• Partner cross-functionally with legal, technology, product, and business teams to understand regulatory obligations, risk tolerance, and remediation priorities
• Coordinate and facilitate cross-functional remediation discussions while tracking progress and driving accountability for risk reduction
• Own the third-party risk management process, including vendor security questionnaires, risk assessments of new and existing vendors, and development of remediation plans to address identified security gaps
• Ability to work independently and drive end-to-end initiatives with minimal supervision
• Understanding of DevOps, security architecture, and security configurations, enabling effective collaboration with engineering, product, and infrastructure teams to identify and mitigate risks
• Adaptability and resilience in an evolving environment 
• Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and enterprise technologies.
• Proven ability to translate complex technical risks into clear business impacts and actionable, risk-based recommendations for stakeholders.
• Excellent analytical, written, and verbal communication skills with the ability to influence decision-making across technical and non-technical audiences

Qualifications or competencies:

• One or more industry-recognized certifications such as CompTIA Security+, CISA, CISM, CISSP, or equivalent
• Hands-on experience with GRC tools (Archer, ServiceNow GRC, Vanta, etc.) and formal risk assessment methodologies
• Strong working knowledge of risk management frameworks (NIST, ISO, and CIS) and regulatory requirements for HIPAA compliance
• Broad security domain expertise, including cloud environments, SDLC, application security, data protection and enterprise architecture.

Education and previous work experience:

• 5+ years of experience in cyber risk management, control assurance, or information security governance
• Bachelor's degree or equivalent work experience in Information Technology, Cybersecurity, or a related discipline

Position type:

This is a full-time position. Days and hours of work are Monday through Friday, 8 a.m. to 5 p.m. 

EEO:

Veteran Benefits Guide provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender (including gender identity and gender expression) genetic characteristic, sexual orientation, registered domestic partner status, age, military or veteran status, hairstyle or hair texture, reproductive health decision making, or any other characteristic protected by federal, state, or local laws.