Advance your potential – and reach your goals

The Cybersecurity Risk Assessment Analyst is responsible for identifying, assessing, and managing cybersecurity risk associated with enterprise applications used across the organization. This role executes risk assessments according to a defined risk-based schedule, assigns risk tiers, and validates that appropriate security controls are designed and operating effectively in alignment with the assigned risk level.

This position plays a critical role in ensuring that application-related risks are identified early, clearly articulated, and remediated in partnership with control owners and business stakeholders. The Analyst must be able to translate the risks into clear, actionable insights for both technical and non-technical audiences while maintaining audit-ready documentation aligned with regulatory and industry expectations.

The ideal candidate combines strong technical cybersecurity knowledge with sound risk judgment, regulatory awareness, and the ability to balance security requirements with business priorities.

Responsibilities:

• Perform comprehensive cybersecurity risk assessments of applications in accordance with a defined risk-based assessment schedule.
• Validate that security controls are appropriately designed and implemented in alignment with assigned risk ratings.
• Identify control gaps and partner with technology, identity and access management, infrastructure, and business teams to develop and implement remediation plans.
• Evaluate and assess controls related to:
  • Identity and Access Management (IAM), including MFA, SSO, privileged access, role-based access controls, and access certifications
  • Logging, monitoring, and audit trail capabilities
  • Encryption in transit and at rest
• Communicate risk findings and recommendations to stakeholders at varying levels of technical expertise, including senior leadership.
• Contribute to continuous improvement of the application risk assessment methodology, tooling, metrics, and reporting.
• Develop and maintain metrics to measure program effectiveness and risk trends.
• Prepare clear, defensible, and audit-ready risk documentation suitable for regulatory review (e.g., NYDFS, NIST, SOC 2).
• Support internal and external audits by providing evidence, documentation, and subject matter expertise.
• Maintain application risk assessment program procedures and documentation.
• Stay current on evolving cyber threats, regulatory expectations, and industry best practices.

Qualifications:

• 3–7+ years of experience in cybersecurity risk assessments, IT risk management, control testing, audit, or information security.
• Strong technical understanding of:
  • Identity and Access Management (IAM)
  • Authentication and authorization controls (MFA, SSO)
  • Logging and security monitoring
  • Encryption standards and key management
  • Application security fundamentals
• Experience identifying control deficiencies and driving remediation efforts across cross-functional teams.
• Working knowledge of cybersecurity frameworks and regulations such as, NIST Cybersecurity Framework (CSF), NYDFS 23 NYCRR 500, CIS Controls, SOC 2.
• Experience preparing documentation suitable for regulatory and audit review.
• Strong analytical and critical thinking skills with the ability to assess technical risk within a business context.
• Excellent written and verbal communication skills, including the ability to explain cyber risk to non-technical stakeholders.
• Ability to manage multiple assessments simultaneously in a structured and organized manner.

Who we Are

OneMain Financial (NYSE: OMF) is the leader in offering nonprime customers responsible access to credit and is dedicated to improving the financial well-being of hardworking Americans. Since 1912, we’ve looked beyond credit scores to help people get the money they need today and reach their goals for tomorrow. Our growing suite of personal loans, credit cards and other products help people borrow better and work toward a brighter future.

Driven collaborators and innovators, our team thrives on transformative digital thinking, customer-first energy and flexible work arrangements that grow lives, careers and our company. At every level, we’re committed to an inclusive culture, career development and impacting the communities where we live and work. Getting people to a better place has made us a better company for over a century. There’s never been a better time to shine with OneMain.

Because team members at their best means OneMain at our best, we provide opportunities and benefits that make their health and careers a priority. That’s why we’ve packed our comprehensive benefits package for full- and some part-timers with: 

• Health and wellbeing options including medical, prescription, dental, vision, hearing, accident, hospital indemnity, and life insurances 
• Up to 4% matching 401(k)   
• Employee Stock Purchase Plan (10% share discount)   
• Tuition reimbursement   
• Paid time off (15 days’ vacation per year, plus 2 personal days, prorated based on start date) 
• Paid sick leave as determined by state or local ordinance, prorated based on start date 
• Paid holidays (7 days per year, based on start date) 
• Paid volunteer time (3 days per year, prorated based on start date) 

Target base salary range is $100K-$120K, which is based on various factors including skills and work experience. In addition to base salary, this role is eligible for a competitive compensation program that is based on individual and company performance.