Information Security Risk Assessment Senior Analyst
This is an exciting opportunity to join a growing global company in the cloud-based software industry! As a Security Risk Assessment Sr. Analyst, you will support the Information Security
Risk Management Program which is part of the organization’s InfoSec Governance, Risk, and Compliance (GRC) team.
Responsibilities:
- Conduct security risk assessments to identify, score and document potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
- Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Maintain the security risk register and ensure it is updated in a timely manner.
- Contribute to risk aggregation and risk analysis to identify top risks and areas of focus or improvement for prioritization.
- Contribute to developing detailed reports and presentations on risk assessments, including aggregated top risks, risk treatment progress, trending and escalation. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
- Actively contribute to the administration, maintenance and process improvement of the GRC risk assessment program.
Requirements:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 5+ years of experience in security risk assessment, with a strong background in cybersecurity and risk management and hands-on working knowledge of risk management frameworks and methodologies such as NIST RMF, FAIR, and OWASP.
- Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
- Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
- Experience with security risk remediation programs, including technical implementation and compliance considerations.
- Excellent communication skills, capable of translating technical concepts into actionable insights for both technical and non-technical stakeholders.
- Experience in identifying process improvements and enhancing operational efficiencies within security programs.
- Experience with a GRC risk management tool, including tool implementation, is a plus.
Preferred Skills:
- Experience with security assessment tools and methodologies.
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
- Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.
- Certifications like PMP, CISSP, or CISM are a plus but not required.