Role Overview
As an Information Security Risk Analyst, you will play a central role in identifying, evaluating, and managing cybersecurity risks across the enterprise. You will apply recognized risk methodologies to assess both inherent and residual risks, develop treatment strategies, and ensure accountability through clear ownership. Your work will directly support the ongoing improvement of the organization’s security posture and risk governance.
Key Responsibilities
- Evaluate security risks by analyzing likelihood and impact, then define appropriate responses, ownership, and mitigation plans.
- Establish and monitor key performance and risk indicators to track the effectiveness of security programs and report insights to leadership and oversight groups.
- Lead enterprise-wide risk assessments using standards such as NIST 800-30 and maintain a centralized risk register to document findings and actions.
- Manage third-party risk by reviewing security documentation, conducting assessments, and evaluating controls for vendors and partners.
- Keep the vendor risk inventory and risk register current, tracking exceptions, remediation timelines, and ongoing monitoring requirements.
- Design and deliver security awareness training, including role-specific content, phishing simulations, and incident reporting education.
- Support audits and compliance initiatives by providing risk evidence and documentation for standards such as NIST 800-53, ISO 27001, SOC 2, PCI, FedRAMP, and GovRAMP.
- Collaborate with teams across the organization to identify risks in systems and processes, ensuring risks are properly understood, prioritized, and managed in line with risk tolerance.
Qualifications
- 4–6 years of experience in information security, risk assessment, or a related discipline.
- Proven background in managing enterprise and third-party risk programs, maintaining risk registers, and delivering security training.
- Experience supporting compliance audits for frameworks such as NIST 800-53, ISO 27001, SOC 2, PCI, or FedRAMP/GovRAMP.
- Security+, GSEC, or a comparable certification is required.
- Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or a related field is preferred.
Technical Environment
Experience with NIST 800-30 and 800-53, ISO 27001, SOC 2, PCI DSS, FedRAMP, GovRAMP, and cloud platforms including AWS, Azure, and GCP is essential to success in this role.
Compensation and Benefits
The salary range for this position is $80,200 to $117,100, with the final offer based on skills, experience, and qualifications. The role is full-time and supports a 40-hour work week.
Benefits include comprehensive health, dental, and vision insurance, a 401(k) plan, and Flexible Time Off to support work-life balance.
Work Environment
This role may be performed remotely or from a physical office location, with flexibility based on team and operational needs.
Company Culture
The organization values innovation, collaboration, and open communication. Leadership is approachable, authenticity is encouraged, and employee growth is actively supported. Team achievements are recognized, and a culture of continuous learning is central to long-term success.
Equal Opportunity
This employer is committed to equal employment opportunity and welcomes diversity in the workplace. All qualified applicants will be considered without regard to race, color, religion, gender, sexual orientation, national origin, disability, or protected veteran status. Accommodations are available upon request during the hiring process.
