IT Cyber Security Risk Analyst

The Cybersecurity Risk Analyst is a key member of the Digital & IT team, helping drive a culture of cybersecurity, improve risk posture, and enhance user-focused security practices across the enterprise.

This individual will serve as a backup to the Security Engineer(s), assisting with incident response, employee support, and cybersecurity projects. They will lead efforts to improve employee cybersecurity awareness, champion a Zero Trust approach to access and identity management, and help ensure business continuity and disaster recovery plans are in place, tested, and improved over time.

This role blends hands-on technical support with program management and education, making it ideal for someone who is both people-oriented and detail-driven.

Essential Job Functions                                                                

Security Operations Support

• Act as a secondary resource for daily security monitoring, incident response, and vulnerability remediation.
• Assist in configuring and managing tools related to endpoint protection, logging, email security, and access control.
• Help execute security-related projects, such as patching programs, encryption rollouts, and policy enforcement.

Access Management & Zero Trust Initiatives

• Help assess and improve identity and access management practices across systems.
• Partner with IT teams to implement role-based access controls and Just-In-Time access principles.
• Lead projects and process design supporting Zero Trust architecture, especially for remote access and SaaS tools.
• Participate in account reviews and privilege audits to ensure appropriate access levels.

Cybersecurity Awareness & Culture

• Develop and lead training and awareness campaigns to reduce employee-related cyber risk.
• Manage phishing simulation programs and track effectiveness.
• Deliver cybersecurity onboarding for new employees and ongoing training for all staff.
• Serve as the go-to contact for employee questions related to phishing, passwords, or safe technology use.

Risk Management & Resilience

• Own the development and maintenance of Business Continuity and Disaster Recovery plans.
• Facilitate tabletop exercises and capture lessons learned to enhance resilience.
• Collaborate with IT and business leaders to identify and reduce operational risk.
• Contribute to regulatory, insurance, and customer security documentation as needed.

Governance, Policy, and Metrics

• Assist in drafting and maintaining cybersecurity policies and procedures.
• Track and report on training compliance, incidents, and risk KPIs.
• Stay current on emerging cyber threats and security trends, providing proactive recommendations.
• Coordinate with external vendors (e.g., MDR, IAM, phishing) and internal teams to support tool effectiveness and projects.

Minimum Requirements, Education & Experience (incl. KSA’s and certifications)

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field
• 2+ years in IT or cybersecurity roles, ideally with experience in user support, IAM, or risk management
• Excellent communication and teaching skills; comfortable presenting to technical and non-technical audiences
• Familiarity with Zero Trust concepts and tools (e.g., MFA, identity providers, conditional access)
• Working knowledge of phishing, endpoint protection, and threat mitigation techniques
• Strong organizational and documentation skills

Desirable Criteria & Qualifications

• Security certifications (e.g., Security+, SSAP, GSEC, or similar)
• Experience with identity & access management tools (e.g., Azure AD, Okta, Duo, etc.)
• Experience managing phishing simulation platforms (Mimecast, KnowBe4)
• Familiarity with business continuity planning and disaster recovery best practices
• Experience conducting or facilitating tabletop exercises
• Exposure to NIST, ISO 27001, or CIS Controls frameworks
• Manufacturing, regulated industry, or multi-site IT experience

All Employees:

Our 401k retirement savings plan with a company match contribution; onsite health clinics, discretionary holiday bonus program (based on years of service), Cretex University, 24/7 employee assistance program with access to five confidential visits with a licensed counselor at no cost, wellness program with incentives, an employee death benefit, and employee sick and safe leave are available to all Cretex employees. 

20+hours:

Cretex’s medical benefit package includes: comprehensive medical insurance with access to virtual providers; dental insurance (Little Partners Dental benefit covers services 100 percent for children 12 and younger when seen by a Health Partners in network provider); vision insurance; a pre-tax health savings account, healthcare and dependent care pre-tax reimbursement accounts; paid holidays, paid time off; and our discretionary profit sharing program are available to employees working 20+ hours/week. 

30+ hours:

Parental Leave, accident and critical illness benefits, optional employee, spouse, and child life; short and long term disability; company provided life insurance; and tuition assistance programs are available to employees working 30+ hours per week. 

(Some benefits are subject to eligibility criteria.)

Applicants will receive consideration for employment regardless of their race, color, creed, religion, national origin, sex, sexual orientation, gender identity, disability, age, veteran status, marital status, family status, status with regard to public assistance, or any other protected status as required by law.  

Our company uses E-Verify to confirm the employment and eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.dhs.gov/E-Verify.