Business and Security Risk Analyst

oneZero Financial Systems•Somerville, MA

3d•$85,000 - $105,000

About The Position

Come join oneZero Financial Systems! An exciting, fast-growing company with Headquarters in Somerville, MA, oneZero empowers banks, brokerages and hedge funds with cutting edge trade routing and execution technology. Our platform, deployed with 200+ entities globally, features a low-latency trading environment, integrations to the world’s leading execution venues, and reliable IT infrastructure and technical support—all designed to be customized and scaled to serve any business model and any size of market participant. We take pride in our great work atmosphere and highly motivated team of engineers. We are currently looking for a motivated and talented Business and Security Risk Analyst to join our team. oneZero is proud to have been named one of Business Intelligence Group's Best Places to Work for four consecutive years: https://www.onezero.com/awards/onezero-earns-recognition-as-a-2025-best-place-to-work/ The Boston Globe names oneZero a Top Place to Work in 2022, 2023, and 2024: https://www.onezero.com/homepage/the-boston-globe-names-onezero-a-top-place-to-work-for-third-year-in-a-row/ Job Purpose: The Business & Security Risk Analyst supports oneZero’s Enterprise Risk Management (ERM), information security, and regulatory risk programs by identifying, assessing, monitoring, and reporting risks that could impact the organization’s business operations, technology platforms, customers, and regulatory obligations. The role serves as a key operational contributor to risk governance, ensuring that security, compliance, and business risks are consistently evaluated, documented, and mitigated in alignment with oneZero’s risk appetite, client expectations, and applicable regulatory frameworks. This position enables leadership to make informed decisions through accurate risk analysis, metrics, and reporting.

Responsibilities

Support the day-to-day operation of oneZero’s Enterprise Risk Management (ERM) program, including risk identification, assessment, scoring, and documentation.
Maintain and update the enterprise risk register, ensuring risks are clearly articulated, owned, and mapped to mitigating controls.
Assist in conducting business impact and risk assessments for new products, services, technologies, and strategic initiatives.
Track risk treatment plans, remediation activities, and risk acceptance decisions, and report status to management and governance committees.
Perform security risk assessments related to applications, infrastructure, cloud services, and third-party integrations supporting oneZero’s trading platform.
Assist in evaluating security risks associated with system changes, architecture decisions, and software development activities.
Contribute to ongoing monitoring of cybersecurity risks and emerging threats relevant to financial services and trading platforms.
Support vendor risk assessments, including security, privacy, business continuity, and financial risk reviews.
Track third-party risk findings, remediation plans, and contractually required controls.
Assist with due diligence responses to client and regulatory third-party risk inquiries.
Support internal and external audits, client assessments, and regulatory examinations by collecting evidence, responding to inquiries, and tracking action items.
Assist in maintaining alignment with relevant frameworks and standards (e.g., ISO 27001, SOC 2, NIST, FFIEC, regulatory client requirements).
Help prepare risk and security metrics, dashboards, and summaries for leadership, clients, and governance forums.
Develop and maintain key risk indicators (KRIs), key performance indicators (KPIs), and management reports related to business and security risk.
Support preparation of materials for risk committees, management reviews, and executive reporting.
Ensure risk documentation, policies, and procedures remain current and consistent with organizational practices.
Work closely with engineering, IT, security, legal, compliance, product, and operations teams to embed risk management into business processes.
Act as a liaison between technical teams and non-technical stakeholders, translating risk findings into clear, actionable insights.