Cyber Risk Analyst

About the role

The Cyber Risk Analyst joins Levi Strauss & Co.'s Cyber Risk & Strategy team in Mexico City. Reporting to the Manager, Cyber Risk, the analyst will implement the cyber risk operational strategy and ensure alignment with key security frameworks.

Key responsibilities

• Implement the cyber risk strategy and advise on improvement opportunities.
• Align programs to ISO 27005, CIS Top 18 Controls, and the NIST Cybersecurity Framework.
• Oversee development and integration of new security processes, communicating changes to stakeholders.
• Lead process‑improvement discussions and present outcomes to senior management.
• Support GRC tool administration and escalate strategic decisions to the risk manager.
• Tier vendors, conduct internal and third‑party security risk assessments, and prioritize controls.
• Determine control effectiveness using the ISO 27005‑based risk management framework.
• Manage the policy lifecycle for the Cyber Risk Policy, including revisions, attestation, and governance.
• Handle day‑to‑day exception processes within the GRC tool for GIS teams.
• Assist risk mitigation or acceptance efforts and perform risk analysis on top risks and critical assets.
• Partner with regional BISOs to address local compliance requirements.

Required profile

• Experience with cyber risk management and GRC processes.
• Knowledge of ISO 27005, CIS Top 18 Controls, and the NIST Cybersecurity Framework.
• Ability to lead process‑improvement initiatives and communicate with senior management.
• Strong analytical skills for risk assessment and vendor tiering.
• Collaboration skills to work with regional BISOs and internal stakeholders.

Required skills

• ISO 27005 risk management framework
• CIS Top 18 Controls
• NIST Cybersecurity Framework
• GRC tool administration
• Security risk assessment (internal and third‑party)
• Policy lifecycle management
• Risk analysis and quantification