Currently Empty: $0.00
Cyber Risk Quantification Analyst
Salary- $105.8K/yr - $174.8K/yr
Remote
Posted 3 weeks ago
Job Summary
We are seeking a highly analytical and detail-oriented Cyber Risk Quantification Analyst to join our Cyber Security and Risk Management team. The ideal candidate will evaluate and quantify cyber risks by leveraging data analytics, financial modeling, and cybersecurity frameworks to estimate the potential business impact of cyber threats. This role partners with cybersecurity, finance, technology, and executive leadership teams to enable data-driven risk management and strategic decision-making.
Job Description
The Cyber Risk Quantification Analyst is responsible for translating technical cyber risks into measurable business and financial impacts. This role develops quantitative risk models, performs scenario analyses, and provides actionable insights that support cybersecurity investments, regulatory compliance, and enterprise risk management initiatives.
The position requires expertise in cybersecurity principles, data analytics, risk assessment methodologies, and financial analysis to communicate cyber risks in business terms.
Key Responsibilities
Cyber Risk Assessment & Quantification
- Identify and assess cyber threats, vulnerabilities, and business risks across the organization.
- Quantify potential financial losses resulting from cyber incidents such as ransomware, data breaches, insider threats, and system outages.
- Develop risk models to estimate likelihood, impact, and exposure to cyber events.
- Maintain enterprise cyber risk registers and risk metrics.
Data Analytics & Modeling
- Analyze large datasets related to security incidents, threat intelligence, vulnerabilities, and operational risks.
- Develop statistical and predictive models to measure cyber risk exposure.
- Conduct scenario analysis and simulations to evaluate potential cyber events.
- Build risk scoring methodologies and dashboards for executive reporting.
Business Impact Analysis
- Estimate operational, financial, legal, and reputational impacts of cyber incidents.
- Collaborate with business units to identify critical assets and dependencies.
- Support cyber insurance evaluations and financial risk assessments.
- Develop key risk indicators (KRIs) and risk tolerance metrics.
Reporting & Executive Communication
- Translate technical security findings into business-oriented reports and recommendations.
- Prepare cyber risk presentations for senior leadership and risk committees.
- Develop dashboards and metrics to communicate enterprise cyber risk posture.
- Support strategic cybersecurity investment decisions through quantitative analysis.
Governance, Risk & Compliance (GRC)
- Align cyber risk assessments with industry frameworks and standards.
- Support internal and external audit activities.
- Ensure compliance with cybersecurity and risk management policies.
- Contribute to enterprise risk management and governance initiatives.
Cross-Functional Collaboration
- Partner with cybersecurity operations, IT, finance, legal, and compliance teams.
- Support incident response teams during major security events.
- Participate in risk workshops and tabletop exercises.
- Provide recommendations for risk mitigation strategies and control improvements.
Required Qualifications
- Bachelor’s degree in Cyber Security, Information Systems, Data Science, Computer Science, Statistics, Finance, Mathematics, or a related field.
- 3–7+ years of experience in cyber risk management, cybersecurity analytics, enterprise risk management, or quantitative analysis.
- Strong understanding of cybersecurity principles, threat landscapes, and risk assessment methodologies.
- Experience in statistical analysis, financial modeling, and data analytics.
- Excellent analytical, communication, and problem-solving skills.
Preferred Qualifications
- Master’s degree in Cyber Security, Risk Management, Data Analytics, or Business Administration.
- Professional certifications such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- FAIR (Factor Analysis of Information Risk) Certification
- Certified Information Systems Auditor (CISA)
Technical Skills
Programming & Analytics
- Python
- SQL
- R (Preferred)
- Excel and Financial Modeling
Data Visualization
- Power BI
- Tableau
- Looker
Cybersecurity Tools & Platforms
- SIEM Platforms (Splunk, Microsoft Sentinel, QRadar)
- Vulnerability Management Platforms
- GRC Platforms
- Risk Management Dashboards
Frameworks & Methodologies
- FAIR (Factor Analysis of Information Risk)
- NIST Cybersecurity Framework
- ISO 27001
- Enterprise Risk Management (ERM)
- Quantitative Risk Modeling
Key Performance Indicators (KPIs)
- Accuracy of cyber risk quantification models
- Enterprise cyber risk exposure reduction
- Timeliness of risk assessments and reporting
- Effectiveness of risk mitigation recommendations
- Executive adoption of risk metrics and dashboards
- Cyber risk reporting quality and completeness
- Support for strategic cybersecurity investment decisions
Job Features
| Job Category | Cyber Security |




