
Job Description

Description :

Job Summary :

We are seeking an experienced Senior Security Risk / GRC Analyst to join our Information Security Risk Management team.


The role focuses on partnering with technical and business stakeholders to identify, assess, and manage inherent and residual security risks across enterprise initiatives.


The ideal candidate will have strong experience conducting internal risk assessments, implementing control requirements, and working within a mature GRC organization in a large enterprise environment.

This position plays a critical role in ensuring security risks are clearly articulated to leadership and effectively mitigated through technical and process-based controls.

Key Responsibilities :

Security Risk Assessment & Analysis :

- Conduct internal security risk assessments for enterprise initiatives and departmental projects.

- Perform initial scoping for assigned projects to identify potential security and compliance risks.

- Evaluate inherent and residual risks, recommending mitigation strategies aligned with business objectives.

- Analyze technical architecture diagrams, workflows, and system designs to identify control gaps.

Stakeholder Collaboration :

- Partner closely with Project Managers, technical teams, and business leaders to understand project scope, operations, and workflows.

- Advise project teams on risk mitigation through technical, procedural, or policy-based controls.

- Act as a trusted security advisor throughout project lifecycles.

GRC & Controls Management :

- Develop, implement, and maintain security control requirements aligned with internal policies and industry standards.

- Register findings, risks, and remediation actions within GRC platforms.

- Maintain and update a centralized risk library with assessment outcomes and control mappings.

- Support ongoing governance, risk acceptance, and remediation tracking processes.

Reporting & Documentation :

- Document risk assessments, findings, and recommendations in a clear and executive-friendly manner.

- Prepare reports and summaries for senior leadership, enabling informed risk-based decisions.

- Create and manage User Stories related to security risk remediation and control implementation.

Continuous Improvement :

- Contribute to the enhancement of risk assessment methodologies and GRC processes.

- Support the evolution of security risk frameworks in a large enterprise environment.

- Ensure alignment with best practices and regulatory expectations.

Required Skills & Qualifications :

Experience :

- 5+ years performing internal security risk assessments with technical teams.

- 5+ years working within a GRC organization.

- Recent experience working in a large enterprise environment (Fortune 50 preferred).

Tools & Technologies :

- Hands-on experience with Archer, ServiceNow, JIRA, and Rally.

- Experience documenting risks, controls, and remediation plans within GRC and workflow tools.

Core Competencies :

- Strong understanding of security risk management, control frameworks, and governance processes.

- Proven ability to analyze technical designs and translate findings into business-relevant risk statements.

- Experience creating and managing User Stories for security initiatives.

- Excellent written and verbal communication skills, particularly for leadership-level reporting.

Nice-to-Have / Preferred Qualifications :

- CRISC and/or CISM certification.

- Experience working in highly regulated or complex enterprise environments.

- Familiarity with security standards and frameworks (e.g., NIST, ISO 27001, CIS).

