Analyst, Cybersecurity Governance, Risk and Compliance

Over The Last 20 Years, Ares’ Success Has Been Driven By Our People And Our Culture. Today, Our Team Is Guided By Our Core Values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – And Our Purpose To Be A Catalyst For Shared Prosperity And A Better Future. Through Our Recruitment, Career Development And Employee-Focused Programming, We Are Committed To Fostering A Welcoming And Inclusive Work Environment Where High-Performance Talent Of Diverse Backgrounds, Experiences, And Perspectives Can Build Careers Within This Exciting And Growing Industry.

Job Description

We are seeking a motivated and proactive Associate to join our global Cybersecurity Governance, Risk, and Compliance (GRC) team. This role is well-suited for professionals with a strong foundation in IT or cybersecurity who are looking to deepen their expertise in governance, risk, and compliance while taking on leadership of defined deliverables and projects. The Associate will work closely with senior team members, business stakeholders, and technology partners to ensure that risk is identified, tracked, and mitigated effectively.

You will be part of a talented and collaborative team of Cybersecurity professionals who demonstrate strong technical and strategic capabilities. This is an opportunity to contribute to high-impact Cybersecurity and Technology Risk Management efforts by helping build and maintain the firm’s cyber and technology risk profiles, identifying gaps in our risk posture, and supporting the implementation of effective controls that strengthen our overall security resilience. If you are looking to be part of a dynamic team that continuously challenges itself, is committed to learning and improving, and is passionate about cybersecurity, then this could be the right opportunity for you!

Primary Functions & Responsibilities -

• Own and manage specific risk assessment workstreams and contribute to the ongoing maintenance of risk registers and profiles that collectively represent the organization’s cyber and technology risk posture.
• Support and contribute to the firm’s cybersecurity governance program by maintaining risk profiles, dashboards, metrics, and reporting that provide governance and oversight of risk management activities and projects.
• Maintain and update key data related to assessments, issues, and remediation activities within the GRC system (e.g., Hyperproof).
• Assist with the execution and governance of the firm’s NIST Cybersecurity Framework (CSF) assessment activities, including capturing detailed evidence, documenting outcomes, and supporting the implementation of recommendations.
• Partner with cross-functional teams to track progress of risk mitigation initiatives and help ensure accountability for follow-through.
• Prepare concise and clear reports, presentations, and governance updates to communicate assessment outcomes and risk management activities.
• Support execution of IT risk control activities, such as the Quarterly Access Review (QAR), and assist in audit-related engagements.
• Document and improve internal playbooks, procedures, and templates that strengthen risk management and assessment processes.
• Actively participate in governance meetings, sharing updates on owned deliverables and providing insights from risk assessments.
• Take initiative by identifying areas for improvement, escalating concerns when appropriate, and contributing to program maturity.

Qualifications-

Education:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• A Master’s degree in a relevant field will be considered and is welcomed as an additional qualification.

Experience Required:

• 2–5 years of relevant experience in Cybersecurity, IT Risk Management, GRC, or related fields

General Requirements:

• Familiarity with the NIST Cybersecurity Framework (CSF) and a foundational understanding of cybersecurity governance and risk principles.
• Knowledge of core cybersecurity concepts and domains, such as:
• Security Operations (e.g., monitoring, incident response fundamentals)
• Identity and Access Management (IAM) (e.g., user lifecycle, access controls, authentication basics)
• Vulnerability Management (e.g., patching, remediation cycles)
• Data Protection (e.g., encryption, data classification basics)
• Security Operations (e.g., monitoring, incident response fundamentals)
• Identity and Access Management (IAM) (e.g., user lifecycle, access controls, authentication basics)
• Vulnerability Management (e.g., patching, remediation cycles)
• Data Protection (e.g., encryption, data classification basics)
• Knowledge of IT risk management processes and control execution.
• Proficiency in Microsoft Office tools (Word, Excel, PowerPoint, Outlook).
• Interest in learning and applying GRC platforms (e.g., Hyperproof) and collaboration tools (e.g., Jira, Confluence).
• Strong documentation, organizational, and communication skills.
• Demonstrated ability to take ownership of tasks and deliverables with accountability.
• Ability to work collaboratively across functions and build strong working relationships.
• Growth mindset, with curiosity and motivation to expand skills in Cybersecurity GRC.

Soft Skills Alignment:

• Accountability & Ownership: Takes responsibility for assigned tasks and demonstrates leadership over defined workstreams.
• Communication: Able to clearly explain findings and outcomes to both technical and non-technical audiences.
• Collaboration: Works effectively across teams and geographies, contributing to shared goals.
• Problem-Solving: Demonstrates initiative in identifying risks/issues and proposing practical solutions.
• Adaptability & Growth: Seeks feedback, adjusts in dynamic environments, and shows a strong desire to grow into higher responsibility roles.

Reporting Relationships

Vice President, Cybersecurity Governance and Compliance

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.