Cyber Risk Analyst Contract to Hire

Title: Cyber Risk Analyst

Location: Columbus, OH (Hybrid: On-site twice a week)

Contract Type: W2 (Must be authorized to work in the U.S.; No sponsorships, No F1-OPTs, No C2C, No 1099)

Contract Duration: 1 Year (Contract to Hire)

Rate: $40 - $45/hr with 401k Benefits

We are seeking an entry-level Cyber Risk Analyst to join our client's cybersecurity team. This role will support the identification, assessment, and mitigation of cyber risks using established frameworks and methodologies, including NIST Cybersecurity Framework (CSF) and Factor Analysis of Information Risk (FAIR). The analyst will work closely with security teams and stakeholders across the organization to ensure the security and protection of information assets. This is a hybrid role, requiring two days on-site per week in Columbus, OH. Candidates must be local to the area.

• Assist in conducting cyber risk assessments using NIST CSF to identify gaps and areas for improvement.
• Gather data and contribute to FAIR analyses to quantify and prioritize cyber risks.
• Document risk assessment findings and provide recommendations through concise reports.

• Support the implementation and maintenance of the NIST CSF within the organization.
• Contribute to the development of policies, standards, and procedures based on risk assessment findings and industry best practices.

• Collect and analyze security data from various sources to identify potential risks and vulnerabilities.
• Assist in developing risk metrics and reporting dashboards.
• Maintain accurate and up-to-date risk registers.

• Assist in the evaluation of security technologies and controls.
• Provide technical support for security-related projects and initiatives.
• Stay updated with emerging cyber threats and vulnerabilities.

• Work closely with IT, security, and business teams to address cyber risk issues.
• Communicate risk assessment findings and recommendations to relevant stakeholders.
• Participate in security awareness training and initiatives.

• Understanding of fundamental cybersecurity concepts and principles.
• Familiarity with the NIST Cybersecurity Framework (CSF).
• Basic knowledge of risk management methodologies , preferably including FAIR.
• Strong analytical and problem-solving skills.
• Ability to collect, analyze, and interpret security data.
• Excellent written and verbal communication skills.
• Ability to work independently and collaboratively in a team environment.
• Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).
• Technical understanding of basic networking concepts and operating systems.
• Strong desire to learn and expand cybersecurity knowledge.

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Relevant certifications (e.g., CompTIA Security+ , Certified in Risk and Information Systems Control (CRISC) Foundation , or similar) are a plus.
• Internship or entry-level experience in cybersecurity or risk management is preferred.