TL;DR
Senior Security Risk Analyst (Cybersecurity): Managing the full lifecycle of security risks and issues for a technology ecosystem, with an emphasis on technical risk translation, cloud & SaaS security partnership, and risk governance. Focus on applying quantitative risk models, automating GRC processes, and ensuring compliance with security frameworks.
Location: Onsite in Austin, Texas, United States. This position reports to our Director, GRC in the Austin office.
Salary: $111,760.00 - $153,670.00 USD Annual
Company
hirify.global is a company with a Governance, Risk, and Compliance (GRC) organization focused on managing security risks across its technology ecosystem.
What you will do
- Manage the full lifecycle of security risks and issues, identifying practical treatments aligned with business goals.
- Translate complex technical findings into clear, actionable risk statements for stakeholders at all levels.
- Collaborate with Engineering and Security Architect teams to evaluate and assess the security posture of the technology ecosystem.
- Apply qualitative and quantitative risk methodologies (FAIR) to score and prioritize issues, understanding potential financial impact.
- Identify opportunities to automate risk workflows and reporting to optimize GRC processes.
- Maintain the risk register, track Key Risk Indicators (KRIs), and support alignment with security frameworks like ISO/IEC 27001, SOC 2, and NIST CSF.
Requirements
- Bachelor’s degree and 6+ years of direct experience in cloud security, cybersecurity engineering, or technical risk management.
- Experience working in high-growth SaaS or cloud-native environments is required.
- Understanding of cloud infrastructure security (AWS, GCP, or Azure) and security frameworks (NIST CSF, ISO 27001).
- Proficiency in qualitative risk assessment methodologies and awareness of quantitative methodologies like FAIR.
- Strong technical depth with a risk-based, pragmatic mindset and exceptional communication and presentation skills.
- Proven ability to work independently, take ownership of tasks, and prioritize effectively in dynamic environments.
Nice to have
- Familiarity with DevOps, CI/CD security controls, and infrastructure security.
- Certifications such as CRISC, CISM, CISSP or cloud provider certifications.
- Experience using a GRC platform to maintain a risk register.
Culture & Benefits
- Procore will consider all qualified applicants, including those with arrest or conviction records, in accordance with applicable federal, state, and local laws.