Description:
Skechers is seeking a technically minded Cybersecurity Risk Analyst to join our global information security team. The ideal candidate will bring a passion for cybersecurity and a history of identifying, analyzing, and mitigating security risks across a diverse technology environment. You'll leverage your deep understanding of threat landscapes, security architectures, and frameworks such as NIST and CIS to proactively assess risks and drive security improvements. This role requires someone who thinks like a security practitioner first - someone who can analyze technical vulnerabilities, assess real-world attack scenarios, and translate complex security risks into business impact.
What You'll Do
- Perform security control evaluations using NIST 800-53 and CIS Controls as implementation guides rather than compliance checklists. Assess actual security posture and effectiveness against real-world threats.
- Analyze and prioritize cyber risks based on technical likelihood, business impact, and threat intelligence - translating complex security vulnerabilities into actionable risk scenarios for stakeholders.
- Drive technical risk remediation by working directly with technical teams and business stakeholders to align on and execute security improvements.
- Maintain and evolve the cyber risk register with technically accurate risk descriptions, realistic threat scenarios, and meaningful metrics that reflect real security posture improvements.
- Support the team in assessing third-party security risks through technical security questionnaires, penetration test reviews, and security architecture analysis in addition to vendor compliance documentation.
- Collaborate with security operations teams to incorporate threat intelligence, incident findings, and vulnerability data into risk assessments and prioritization decisions.
- Help mature risk-based security metrics that measure security improvements and threat reduction rather than compliance percentages.
- Participate in internal and external audit processes for relevant compliance concerns including SOX and GDPR at the enterprise level.
- Interface with global IT and business partners to provide guidance, risk advisory services and support.
Requirements
- 3+ years of cybersecurity experience with practical, hands-on technical background.
- Strong technical foundation in network security, system hardening, vulnerability management, and enterprise security architectures.
- Practical experience implementing security frameworks - hands-on work with NIST Cybersecurity Framework, NIST 800-53 controls, or CIS Controls in operational environment.
- Understanding of threat landscapes including the MITRE ATT&CK framework, threat intelligence, and attack methodologies targeting retail/enterprise environment.
- Strong analytical and communication skills with the ability to translate technical vulnerabilities into business risk scenarios and present complex security concepts to diverse audiences, including non-technical stakeholders and executive leadership.
- Experience with technical risk assessment and the ability to quantify and prioritize risks based on likelihood and business impact.
- Understanding of retail security challenges including customer data protection and supply chain security considerations.
- Proven ability to work with technical teams including security engineers, system administrators, and developers to drive security improvements.
- Self-motivated problem solver who thrives in collaborative, cross-functional environments.
- Retail or e-commerce experience a plus.