Cyber Risk Analyst, AVP

New York, NY (Hybrid) Salary Range: $110,000 - $130,000 The Cyber Risk Analyst acts as a subject matter expert in vulnerability management and plays a key role in mitigating enterprise risk for Apple Bank. This position is responsible for utilizing the Qualys platform to identify, assess, and prioritize vulnerabilities, while collaborating closely with IT and other business units throughout the organization to facilitate prompt remediation. Additionally, the Analyst will support security information and event management (SIEM) operations, identity monitoring, and broader security operations center (SOC) activities in coordination with the Bank’s managed security service provider (MSSP). ESSENTIAL DUTIES & RESPONSIBILITIES • Act as a subject matter expert on vulnerability management, providing guidance on the identification, assessment, and remediation of vulnerabilities using Qualys. • Perform regular Qualys scans, validate results, and prioritize findings based on risk and business impact. • Partner with IT teams and system owners to recommend remediation strategies, apply compensating controls, and track remediation progress. • Provide input on vulnerability management processes and help refine workflows to improve efficiency and reduce risk exposure. • Generate key performance and risk metrics to demonstrate vulnerability management progress and security value to management. • Integrate vulnerability data into SIEM platforms to improve detection capabilities and incident response readiness. • Recommend new detections for SIEM data sources and continuously tune existing detections to reduce false positives and improve visibility into true threats. • Investigate identity-related alerts using Microsoft Defender for Identity to detect compromised accounts and abnormal activity. • Support proactive investigations into malware, phishing, and anomalous behaviors with a focus on identifying root causes and driving remediation. • Maintain up-to-date documentation and playbooks for vulnerability management activities, SOC processes, and detection use cases. • Stay current on emerging threats, newly disclosed common vulnerabilities and exposures (CVEs), and attack techniques to advise leadership on risk implications. • Provide timely reporting on open vulnerabilities, remediation status, SOC tickets, and overall incident trends. • Perform additional duties as assigned. SKILLS, EDUCATION, & EXPERIENCE • A bachelor’s degree in computer science, information systems management, or a related discipline is preferred; alternatively, demonstrated equivalent experience and expertise will be considered. • Minimum of 4 years of practical experience in vulnerability management platforms (with a strong preference for Qualys), including activities such as scanning, risk scoring, and providing remediation support. • Previous experience within the financial services or banking sector is highly desirable. • Proficiency with SIEM platforms and identity monitoring solutions (e.g., Microsoft Defender for Identity). • Exceptional communication abilities with the capability to convey technical vulnerabilities in terms relevant to business risk. • Proven ability to work autonomously, effectively prioritize assignments, and drive remediation efforts through to completion. • Comprehensive understanding of security concepts, including CVEs, patch management, and compensating controls. • Experience in developing or refining detection rules within SIEM environments. • Background in threat hunting or incident response. • Experience working with Google SecOps (Chronicle) or other cloud-native SIEM solutions. • Knowledge of regulatory frameworks such as FFIEC, GLBA, NIST, and their relevance to vulnerability and risk management practices. • Familiarity with security technologies including firewalls, email filtering systems, and CASB solutions. • Willingness and availability to provide support outside standard business hours. Visa sponsorship not available. We are an equal opportunity employer and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, military and/or veteran status, or any other Federal or State legally-protected classes.