Staff Cybersecurity Analyst, Risk Management

About The Position

Requirements

• 5+ years of combined experience in cybersecurity, technology risk, enterprise risk management, or related fields.
• At least 3 years with primary responsibility for leading or owning a risk management function, program, or risk domain within an organization.
• Hands-on experience maintaining and operating risk registers and risk management tooling, including GRC, IRM, or dedicated risk platforms.
• Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001, including risk assessment/treatment concepts and control alignment.
• Demonstrated ability to influence risk treatment decisions, not just document them, by framing options, tradeoffs, and business impact for stakeholders.
• Strong analytical and quantitative risk skills, including building KRIs, basic risk modeling, scenario comparison, and trend analysis.
• High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation to improve risk processes.
• Excellent written and verbal communication skills with the ability to translate complex technical risks into concise, business-relevant narratives.
• Proven ability to work cross-functionally, build trust with stakeholders, and facilitate productive discussions in ambiguous situations.

Nice To Haves

• Experience with modern GRC/IRM or dedicated risk platforms and building risk dashboards for security leadership.
• Professional certifications such as CRISC, PMI-RMP, CISM, or similar.
• Experience in fast-paced, high-growth environments such as technology, automotive, or manufacturing, where speed, agility, and rigor are required.

Responsibilities

• Maintain and continuously improve the cybersecurity and crown-jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current.
• Track risk status from identification through treatment and closure, including documenting decisions, owners, due dates, dependencies, and evidence.
• Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture.
• Meet regularly with risk owners and functional leaders to gather updates, validate assumptions, and align on risk treatment plans and progress.
• Evaluate how risks propagate across systems, suppliers, processes, and programs; surface second-order and cascading impacts in risk narratives and dashboards.
• Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier-driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment.
• Help facilitate workshops and review sessions with business and technology leaders to clarify risk scenarios, tradeoffs, and treatment options.
• Use Rivian’s risk platform and AI-enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication.
• Maintain and evolve a Cybersecurity Risk Dashboard that provides an accurate, near real-time view of key risks, KRIs, and trends for leadership and governance forums.
• Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices.
• Identify gaps and friction in current risk processes and propose practical improvements to increase clarity, adoption, and impact.

Benefits

• annual performance bonus
• equity awards
• paid vacation
• paid sick leave
• life insurance
• medical insurance
• dental insurance
• vision insurance
• short-term disability insurance
• long-term disability insurance
• 401(k) Plan
• Employee Stock Purchase Program