Principal IT Risk Management Analyst

About the role

At Strategic Education Inc., our mission is to enable economic mobility through education. Through a portfolio of institutions and learning solutions, we focus on serving working adult learners by improving college affordability, enhancing student engagement, and strengthening workforce readiness so our graduates are equipped with the skills needed to succeed in today's jobs. This mission guides how we operate as an organization, including our approach to enterprise technology and risk management. The Principal IT Risk Management Analyst is a senior‑level role responsible for leading and overseeing comprehensive IT risk management efforts across the organization. This position provides strategic guidance on identifying and assessing complex technology risks and on the development and implementation of effective risk management strategies. The Principal IT Risk Management Analyst partners closely with cross‑functional stakeholders to promote the security, compliance, and resilience of the organization's IT systems, infrastructure, and processes. Essential Duties & Responsibilities: Strategic Leadership: Provide thought leadership and strategic direction in IT risk management, aligning efforts with the organization's goals and risk tolerance. Collaborate with executive leadership to define risk management strategies and objectives. Risk Assessment and Analysis: Identify and assess high-impact IT risks, including emerging cybersecurity threats, regulatory compliance gaps, and operational vulnerabilities. Analyze complex risk scenarios, evaluating potential business impacts and likelihoods. Risk Mitigation Strategy: Develop and execute comprehensive risk mitigation strategies, ensuring the effective implementation of controls, processes, and frameworks. Lead the design of risk management initiatives that align with industry best practices and standards. Cross-Functional Collaboration: Work closely with IT, cybersecurity, legal, compliance, and business units to integrate risk management principles into day-to-day operations. Facilitate communication and collaboration among teams to ensure a unified approach to risk management. Regulatory Compliance: Monitor and interpret relevant IT regulations, standards, and frameworks (e.g., GDPR, FERPA, NIST, ISO 27001, CIS 8) to ensure compliance. Advise on risk management strategies that address compliance requirements. Risk Reporting and Communication: Prepare and deliver clear and concise risk reports for executive management and relevant stakeholders. Communicate complex technical concepts and risk scenarios in a manner understandable by non-technical audiences. Incident Response and Recovery: Provide leadership during IT security incidents, guiding incident response teams to minimize impact and ensure effective recovery. Review and enhance incident response plans to reflect lessons learned and emerging threats. Continuous Improvement: Identify opportunities to enhance risk assessment methodologies, tools, and processes based on evolving threats and industry trends. Drive continuous improvement initiatives across the risk management function. Mentorship and Development: Provide mentorship and guidance to junior members of the risk management team, fostering professional growth and skill development. Job Skills: Proven leadership skills with the ability to guide cross-functional teams and provide strategic direction. Strong analytical and problem-solving capabilities to assess complex risk scenarios and recommend effective mitigation strategies. Ability to write and manage policies Excellent communication and presentation skills to convey technical information to various stakeholders. Familiarity with security technologies, security frameworks, tools, and industry best practices. Project management skills to drive risk management initiatives and improvements. Ability to adapt to evolving technologies and risks in the IT landscape. Work Experience: 5+ years of experience in a Senior Analyst role or Similar 5+ yrs of experience in IT risk management, with a strong understanding of risk assessment methodologies, frameworks, and regulatory requirements. 5+ yrs experience with Third Party Risk Management. 3+ yrs experience with Artificial Intelligence, Cloud Platforms, and DevSecOps. 3+ with incident response, crisis management, and business continuity planning. Education: Bachelor's degree in Information Technology, Cybersecurity, IT Risk Management, Business, or a related field (Master's preferred). Certificates, licenses and registrations: Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) or Project Management Professional are required. Other: Must be able to travel occasionally should a business need arise. For most roles travel would not be common. Travel may involve plane, car or metro. In accord