
Cybersecurity Risk Analyst
Launch Potato
full-time
Posted on:
Location Type: Office
Location: Manhattan Beach • California • United States
Salary
💰 $90,000 - $150,000 per year
About the role
- Perform security control evaluations using NIST 800-53 and CIS Controls as implementation guides rather than compliance checklists.
- Assess actual security posture and effectiveness against real-world threats.
- Analyze and prioritize cyber risks based on technical likelihood, business impact, and threat intelligence - translating complex security vulnerabilities into actionable risk scenarios for stakeholders.
- Drive technical risk remediation by working directly with technical teams and business stakeholders to align on and execute security improvements.
- Maintain and evolve the cyber risk register with technically accurate risk descriptions, realistic threat scenarios, and meaningful metrics that reflect real security posture improvements.
- Support the team in assessing third-party security risks through technical security questionnaires, penetration test reviews, and security architecture analysis in addition to vendor compliance documentation.
- Collaborate with security operations teams to incorporate threat intelligence, incident findings, and vulnerability data into risk assessments and prioritization decisions.
- Help mature risk-based security metrics that measure security improvements and threat reduction rather than compliance percentages.
- Participate in internal and external audit processes for relevant compliance concerns including SOX and GDPR at the enterprise level.
- Interface with global IT and business partners to provide guidance, risk advisory services and support.
Requirements
- 3+ years of cybersecurity experience with practical, hands-on technical background.
- Strong technical foundation in network security, system hardening, vulnerability management, and enterprise security architectures.
- Practical experience implementing security frameworks - hands-on work with NIST Cybersecurity Framework, NIST 800-53 controls, or CIS Controls in an operational environment.
- Understanding of threat landscapes including the MITRE ATT&CK framework, threat intelligence, and attack methodologies targeting retail/enterprise environments.
- Strong analytical and communication skills with the ability to translate technical vulnerabilities into business risk scenarios and present complex security concepts to diverse audiences, including non-technical stakeholders and executive leadership.
- Experience with technical risk assessment and the ability to quantify and prioritize risks based on likelihood and business impact.
- Understanding of retail security challenges including customer data protection and supply chain security considerations.
- Proven ability to work with technical teams including security engineers, system administrators, and developers to drive security improvements.
- Self-motivated problem solver who thrives in collaborative, cross-functional environments.
- Retail or e-commerce experience a plus.
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
NIST 800-53, CIS Controls, cybersecurity, network security, system hardening, vulnerability management, NIST Cybersecurity Framework, MITRE ATT&CK framework, technical risk assessment, security architecture
Soft Skills
analytical skills, communication skills, problem solving, collaboration, stakeholder engagement, risk prioritization, technical translation, self-motivated, cross-functional teamwork, presentation skills