Senior Risk Management Analyst (Hybrid - Seattle)

Nordstrom | Seattle, WA
1d | $166,000 - $258,000 | Hybrid

About The Position

Join Nordstrom's Technology team as a Senior Risk Management Analyst, where you'll play a pivotal role in shaping our enterprise cybersecurity risk strategy. You will be a trusted advisor to leadership, building comprehensive risk assessment methodologies that protect our organization, enable informed decision-making, and ensure we remain audit-ready across complex regulatory and threat landscapes.

In this role, you will lead cybersecurity risk management initiatives across the enterprise, designing frameworks and operational workflows that integrate multiple risk domains while aligning with business objectives. You will have authority to design assessment methodologies, establish operational standards, and make significant commitments for audit engagements, third-party assessments, and GRC platform implementations.

Are you a strategic thinker with deep expertise in cybersecurity risk management? Do you have a passion for building scalable programs that enable business growth while managing enterprise risk? Do you think about ways to integrate risk-by-design principles into everything we do? Join our team and be part of a company that is on the cutting edge of retail technology, committed to getting consumers the products they love in a safe and secure environment.

Requirements

  • Experience: 6-8 years of cybersecurity risk management experience with demonstrated leadership of cross-functional initiatives
  • Proven track record of designing and implementing enterprise-level risk methodologies across multiple domains
  • Experience managing external audit engagements and serving as primary liaison with auditors and risk stakeholders
  • Demonstrated ability to align risk operations with strategic business objectives through medium-term planning
  • Education: Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related field, or equivalent work experience
  • Technical Knowledge: Expertise in multiple cybersecurity risk domains and frameworks (NIST CSF, ISO 27001, NIST RMF, CIS Controls, SOC 2, PCI DSS)
  • Deep understanding of enterprise risk architecture and integrated control frameworks
  • Knowledge of operational workflow design and process optimization for risk management
  • Experience developing operational standards and quality criteria for risk management processes
  • Skills: Advanced methodology development and enterprise framework design capabilities
  • Excellence in stakeholder management and external audit relationship management
  • Strong ability to facilitate senior leadership workshops and drive consensus on complex risk topics
  • Ability to make significant commitments and design workflows within enterprise governance structures
  • Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties and auditors
  • Strong bias for results and the ability to operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit

Nice To Haves

  • Advanced Education: Master's degree in Cybersecurity, Risk Management, or Business Administration valued
  • Advanced Certifications: Multiple advanced professional certifications preferred (CISSP, CRISC, CISA, CISM)
  • Specialized certifications valued (CISSP-ISSAP, CISSP-ISSEP, SABSA, TOGAF, or equivalent architecture/management certifications)
  • Additional Experience: Experience with GRC platform implementation and management
  • Background in consulting or audit firms focused on cybersecurity risk
  • Experience leading enterprise-wide risk transformation initiatives
  • Technical background with demonstrated proficiency in security tooling and automation

Responsibilities

  • Methodology Design & Operational Standards: Design comprehensive assessment methodologies for enterprise cybersecurity risks, creating frameworks that integrate multiple risk domains and align with business objectives
  • Develop operational standards and quality criteria for risk management processes, ensuring consistency and effectiveness across the organization
  • Design operational workflows that optimize risk management processes while maintaining audit trail integrity and regulatory compliance
  • Implement integrated controls across multiple technology and business domains, ensuring comprehensive risk coverage and efficient resource utilization
  • Third-Party & External Relationship Management: Manage third-party risk assessments including external audit engagements, vendor security evaluations, and specialized consulting projects
  • Serve as primary liaison with external auditors and risk stakeholders, representing the organization's cybersecurity risk posture and remediation efforts
  • Make significant commitments for audit engagements, third-party risk assessments, and GRC platforms within established enterprise frameworks
  • Strategic Alignment & Leadership: Align operational activities with strategic objectives by participating in medium-term planning (6-18 months) and ensuring risk initiatives support business goals and regulatory expectations
  • Lead senior stakeholder workshops on complex risk topics, facilitating decision-making and consensus-building around risk tolerance and treatment strategies
  • Coordinate cross-functional risk initiatives across Security, IT, Legal, and Business teams to ensure comprehensive risk coverage and strategic execution
  • Contribute to the strategic vision and roadmap for Enterprise Risk Management, developing reusable, scalable solutions to enhance program efficiency and support organizational growth
  • Stakeholder Engagement & Risk Communication: Educate senior stakeholders on cybersecurity risk requirements and emerging threats through workshops, strategic sessions, and consultation to improve organizational risk awareness and readiness
  • Facilitate decision-making processes around complex risk scenarios, helping leadership understand risk tolerance options and treatment strategies
  • Provide expert guidance on risk assessment and treatment across diverse business contexts and technical environments

Benefits

  • Medical/Vision, Dental, Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources