Senior Security Risk Analyst

Procore Technologies, Austin, TX

About The Position

We're looking for a highly motivated and detail-oriented Senior Security Risk Analyst to join our Governance, Risk, and Compliance (GRC) organization. Focused on security risk management, you will be a key partner to security architecture, product management and engineering teams to identify, assess, and manage security risks across our technology ecosystem. This role is perfect for someone who enjoys translating "tech-speak" into clear, actionable insights. You’ll play a key role in the entire risk journey—helping us spot issues early, supporting teams through risk treatment, and finding creative ways to automate so we can move faster. This position reports to our Director, GRC in the Austin office. We’re looking for someone to join us immediately.

Requirements

  • Experience: Bachelor’s degree and 6+ years of direct experience in cloud security, cybersecurity engineering, or technical risk management. Experience working in high-growth SaaS or cloud-native environments is required.
  • Technical Knowledge: Understanding of cloud infrastructure security (AWS, GCP, or Azure) and security frameworks (NIST CSF, ISO 27001). Ability to interpret the outputs of Security Architects and SecOps teams, including network diagrams, attack paths, and vulnerability reports.
  • Risk Methodology: Proficiency in qualitative risk assessment methodologies and awareness of quantitative methodologies like FAIR.
  • Skills: Strong technical depth with a risk-based, pragmatic mindset. Capable of translating complex technical issues into business impacts. Exceptional communication and presentation skills, with the ability to interact effectively with stakeholders at all levels. Critical thinking with strong analytical and problem-solving abilities.
  • Independent Contributor: Proven ability to work independently, take ownership of tasks, and prioritize effectively in a dynamic environment. You are comfortable operating in fast-moving environments with evolving architectures.

Nice To Haves

  • Familiarity with DevOps, CI/CD security controls, and infrastructure security.
  • Certifications such as CRISC, CISM, CISSP or cloud provider certifications.
  • Experience using a GRC platform to maintain a risk register.

Responsibilities

  • End-to-End Risk Management: Manage the full lifecycle of security risks and issues—from initial discovery through to resolution. You’ll partner with owners to identify risk treatments (remediation, mitigation, or acceptance) that are practical and aligned with business goals.
  • Technical Risk Translation: Act as a "translator" between technical teams and the business. You’ll take complex findings and business issues and turn them into clear, actionable risk statements that stakeholders at all levels can understand.
  • Cloud & SaaS Security Partnership: Collaborate with Engineering and Security Architect teams to evaluate the security posture of our technology ecosystem. You’ll assess risks and configuration issues related to IAM, network security, pen tests, and our internal SaaS application stack.
  • Risk Analysis: Apply the right tool for the job to score and prioritize issues. This includes using qualitative methods for daily triage and learning to apply quantitative models (FAIR) to help the business understand the potential financial impact of high-priority risks.
  • Operational Optimization & Automation: Help us move away from manual tracking. You’ll identify opportunities to automate risk workflows and reporting, making our GRC processes "DevOps-friendly" and scalable.
  • Risk Governance & Register Management: Maintain the risk register, including ownership, treatment plans, and residual risk assessments. You’ll track Key Risk Indicators (KRIs) and help build dashboards that give leadership a real-time view of our security health.
  • Compliance Enablement: You will support risk-based alignment with security frameworks such as ISO/IEC 27001, SOC 2, and NIST CSF / NIST 800-53.