Security Risk Analyst
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Security Risk Analyst: Managing IT security policy exceptions and the organizational Risk Register with an accent on risk assessment, vendor compliance, and stakeholder negotiation. Focus on evaluating critical infrastructure risks, producing trending metrics, and ensuring alignment with industry frameworks like ISO 27001 and NIST.
Location: Must be authorized to work in the United States. Remote role with optional hybrid flexibility for those near offices; requires travel 2-4 times per year.
Salary: $72,000–$120,000
Company
A mission-driven, self-sustaining nonprofit organization dedicated to expanding educational and career opportunities.
What you will do
- Manage the organizational Risk Register, ensuring data quality and escalating audit actions.
- Analyze and evaluate IT security policy exceptions for on-prem and cloud environments.
- Present exception reports and risk assessments to executive leadership.
- Perform vendor risk assessments and reassessments to support the vendor management program.
- Develop and maintain trending metrics and reporting for risk and policy exceptions.
- Foster a culture of risk awareness and compliance across the organization.
Requirements
- 5-7 years of experience in IT Security Risk, Control Risk Registers, or policy exception management.
- Bachelor’s degree in computer science, cybersecurity, engineering, or IT management.
- Strong understanding of risk identification, scoring, mitigation, and tracking techniques.
- Authorization to work in the United States is mandatory.
- Excellent verbal and written communication skills with the ability to negotiate with stakeholders.
- Ability to travel 2-4 times per year for business purposes.
Nice to have
- Experience with GRC tools such as OneTrust.
- Knowledge of frameworks like ISO 27001, COBIT, NIST-CSF, NIST 800-53, or GDPR.
- Current security certification (CISSP, CRISC, CISM, CISA).
Culture & Benefits
- Meaningful, mission-driven work focused on education.
- Comprehensive benefits package designed to support employee well-being.
- Commitment to fair, transparent, and market-competitive compensation.
- Supportive team environment with a focus on continuous learning and growth.
- Encouragement to experiment with and adopt new AI-driven solutions.
Hiring process
- Application review followed by a recruiter screen and hiring manager interview.
- Performance exercise, panel interview, and leadership conversation.
- Reference checks.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →