Job Information
IMRI Cyber Risk Management Analyst in New York, New York
Cyber Risk Management Analyst
Apply Now!
Back to search
Location: New York, New York
Posted: 4/6/2026
Location Name: New York
Wage Max: 150,000.00 Annual
Wage Min: 90,000.00 Annual
Position Type: Full-Time
COMPANY OVERVIEW
Join our award-winning team at Information Management Resources, Inc. (IMRI), a small business leader in the technology industry known for our commitment to innovation, excellence, and authenticity. Founded in 1992, IMRI has been at the forefront of delivering advanced cybersecurity and IT solutions, safeguarding organizations against evolving threats. We have built a reputation for our expertise in Cybersecurity, Digital Transformation, Strategic Business Consulting, and Staff Augmentation. Guided by our core values of innovation, excellence, and a solution-driven mindset, we have served a diverse portfolio of customers that includes federal agencies, state and local governments, and Fortune 1000 companies.
At IMRI, we recognize the integral part our employees play in our ongoing success. To support this, we offer a comprehensive benefits package, tailored to meet the individual needs of our employees. We are committed to promoting their overall well-being and equipping them with the necessary tools to flourish in their careers. We welcome you to be a part of our ongoing mission as we continue to navigate the digital landscape, committed to empowering organizations with our innovative solutions.
Position: Cyber Risk Management Analyst
Position Summary: Drive enterprise cybersecurity risk management by transforming compliance into a strategic advantage. Quantify risks, assess control effectiveness, and ensure alignment with NIST 800-53 and FISMA frameworks. Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails, prioritize remediation, and track key cyber risks. Conduct enterprise-wide risk assessments, audits, and user awareness programs to reduce risk and continuously improve the organization’s security posture.
Key Duties and Responsibilities:
Expertise in GRC methodologies, third-party risk management (TPRM), and federal compliance (NIST SP 800-53, 800-37). Skilled in Risk Register tracking and maintenance, performing Security Impact Analyses, managing the POA&M lifecycle, and developing security awareness content to mitigate human-centric risks.
Risk Identification & Quantification: Lead enterprise-wide risk assessments using GRC methodologies to identify, evaluate, and prioritize risks, translating technical vulnerabilities into business impact for stakeholders.
Regulatory & Framework Alignment: Ensure ongoing compliance with federal frameworks, including NIST SP 800-53 and 800-37 (RMF), through periodic audits and Security Impact Analyses for new and existing system interconnections.
Strategic POA&M & Risk Register Oversight: Maintain and manage the enterprise Risk Register, tracking key cyber risks and overseeing the full lifecycle of Plans of Action and Milestones (POA&M), ensuring findings are documented, validated, and remediated within defined SLAs.
Key Cyber Risk Tracking: Continuously monitor and report critical cyber risks, using risk dashboards and metrics to provide actionable insights to leadership and maintain enterprise risk posture.
Human-Centric Risk & Awareness: Design and implement security awareness programs and phishing simulations (e.g., KnowBe4, Proofpoint) to reduce social engineering risks and strengthen organizational security culture.
Technical Remediation Partnership: Collaborate with Cybersecurity Engineers and Business Analysts to define compliance guardrails and prioritize remediation activities based on risk impact.
Advanced Risk Analytics & Visualization: Leverage GRC platforms (Archer, ServiceNow) and tools like Power BI and Excel to generate automated risk metrics, heat maps, and executive-level security posture reports.
Requirements:
3+ years experience as a Cyber Risk Management Analyst in a similar role
Required certifications: CISA, CRISC, CGEIT, CISSP, Security+, CCSK, or CGRC
Experience with the following technologies: GRC Platforms (Archer/ServiceNow), TPRM Tools (OneTrust/Prevalent), Awareness Platforms (KnowBe4/Proofpoint), MS Power BI, Excel (Advanced), and JIRA.
IMRI offers top-tier benefits that include: medical coverage through nationally recognized carriers, ancillary coverages, paid vacation and sick leave in compliance with all state and local laws, 401(k) with company match, company paid life insurance and LTD, and several additional voluntary coverages.
Pay will be commensurate with the experience, skills, and qualifications that the candidate brings to the position.
EQUAL EMPLOYMENT OPPORTUNITY
EEO/Affirmative Action Statement and Non-Discrimination Policy IMRI is an Equal Employment Opportunity employer committed to maintaining a non-discriminatory, diverse work environment. In accordance with Title VII of the Civil Rights Act of 1964, Section 503 of the Rehabilitation Act of 1973, Vietnam Era Veteran's Readjustment Assistance Act of 1974 (VEVRAA), Americans with Disabilities) (ADA), and other federal, state, and local anti-discrimination laws, IMRI does not unlawfully discriminate against any person on the basis of race, color, religion, sex, national origin, ancestry, genetic information, age, marital status, sexual orientation, physical or mental disability, or status as a special disabled veteran or other veteran. IMRI will take affirmative action to assure equal opportunity for employment is provided with regard to all personnel actions. This is including but not limited to: recruitment, selection, compensation, benefits, training, promotion, demotion, layoff, termination and all other terms and conditions of employment.
Apply Now!