Risk Analyst

Arlington, Virginia

100% Remote

Full Time

$98k - $138k

The Risk Analyst is responsible for ensuring the Firm consistently assesses risk and maintains a culture of risk awareness. Reporting to the Director of Information Security and Assurance, the Risk Analyst manages a focused, thematic risk and control program for rigorously assessing cyber, technology, and operational risks, registering and tracking issues to completion, and reporting these issues to the CISO and other stakeholders. Additionally, the Risk Analyst implements the Firm’s security awareness and training program. This role requires hands-on, collaborative work with stakeholders and IT implementers.

The company is located in Washington D.C. and will remain 100% remote.

What You Will Be Doing:
  • Define, document, and oversee the Firm’s Risk Management program, including processes for identifying, categorizing, assessing, and registering risks; assigning owners; determining dispositions; and tracking issues to completion.
  • Classify, assess, and monitor risks associated with clients.
  • Manage the client risk program by reviewing assessments alongside SOC 2 reports and ISO certifications, confirming client controls, and advising on any gaps.
  • Research security controls and translate findings into actionable insights and strategies.
  • Define, document, and manage the Firm’s Security Awareness and Training program, ensuring that training content is current, appropriate, and consistently delivered.
  • Regularly report program progress to the CISO and other senior stakeholders, using defined Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to highlight control adoption gaps and identify areas of strength.

Required Skills & Experience:
  • A Bachelor's degree in Computer Science or Engineering is preferred; an advanced degree and CISSP certification are also highly desirable.
  • A minimum of 5 years of experience in cybersecurity, technology audits, and third-party security risk assessments is required.
  • Strong proficiency with risk assessment software such as ServiceNow, Archer, IBM® OpenPages®, or C2C MyRiskAssessor, and/or familiarity with security training software like Proofpoint, Skillsoft, or KnowBe4.
  • Exceptional time-management skills, consistent and reliable follow-through, and punctual delivery.
  • Excellent written and oral communication skills.
  • Experience with a Big 4 firm is preferred.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.

Posted by: Ashton Corbett
