We are searching for a Security Risk Analyst! 

First off, what is CyberGRX?  

CyberGRX provides enterprises and their third-party vendors with the most cost-effective and scalable approach to cyber risk management. Built on the market's first third-party cyber risk Exchange, CyberGRX combines both third-party vendors and enterprise organizations in one easy-to-navigate platform to streamline the risk assessment process. 63% of data breaches are linked to a third party and CyberGRX arms organizations with the data and advanced analytics so they can efficiently manage, monitor and mitigate risk in their partner ecosystems. 

What does a Security Risk Analyst do at CyberGRX? 

The Security Risk Analyst reports directly to the Manager of Assessment Operations and works with a team of Analysts and partner Assessors as a part of the Assessment Operations team. This role reviews evidence provided by third parties for CyberGRX validation and performs quality control (QC) for validation completed by our partner Assessors. The Security Risk Analyst also serves as a subject matter professional to CyberGRX and works closely with the Assessment Coordination and Customer Success teams. 

What a day in the life looks like: 

• Evaluate evidence and artifacts provided by third parties via multiple communications channels (data repository, web conference, or onsite). 
• Assist with the QC of validated assessments performed by partners and team members.  
• You will use industry recognized audit practices to verify assessment responses provided by third parties. 
• Assist with communicating Assessment Operation priorities to the Product Team and stakeholders.  
• You will contribute to strategic discussions involving risk assessment methodology.  
• Serve as a third party cyber risk management subject matter professional to CyberGRX. 
• Respond to Assessment Coordinator and Customer Success action items. 

What you bring to the table: 

• You possess one or more of the following certifications: CISSP, CISA, CRISC, or GSEC (or applicable equivalent). 
• You have at least 6years of third-party information security audit & assessment experience. 
• You have hands-on technical experience in one or more of the following security control areas: identity & access management, vulnerability & configuration management, data protection, network security, asset management, incident response, or application security. 
• You understand various regulatory and compliance standards and frameworks including, but not limited to: NIST 800-53, PCI, COBIT, ISO 27002, SANS Top 20, HIPAA, or FFIEC. 
• You enjoy prioritizing assignments and maximizing efficiencies in order to meet strict deliverable deadlines. 
• You have strong problem-solving skills and you work well unsupervised. 
• You’re great at communicating key metrics, issues, and risks to senior leadership. 
• You thrive working with a range of personalities from extremely technical staff members to non-technical business leaders. 
• You have worked in one or more of the following areas: Financial Services, Energy, Healthcare, Insurance or Retail (preferred). 

Why you want to work for CyberGRX: 

• We offer a competitive base salary (commensurate with experience) plus incentive compensation.  
• We have an incredible benefits package including: 
  • 100% Company paid medical/dental/vision for employees & generous company contribution for dependent health benefits  
  • 401(k) program, including employer match up to 3% of your base salary 
  • $100/month stipend to use for wellness and WFH expenses 
  • Open Time Off policy - Take the time you need! Recharging the batteries is encouraged. 
  • Equity – Acting like an owner is one of our Core Values 
• Remote Friendly Work Environment *We are 100% remote for the time being, but are actively seeking new office space in the centrally located LoDo area in downtown Denver when Colorado guidelines permit a safe return to an office setting 
• Relaxed dress code – We want you to be comfortable doing what you love, so hang your professional clothing up for another occasion. 
• Free Eco Pass for local Denver employees – when we are back in the office. 
• We are doing new and exciting things and have big plans for growth! 

Annual Base Salary Range: $80,000 – $110,000 

Annual Bonus Potential: 10% of your base salary 

We encourage you to apply if this role excites you - even if you think you may not have the exact skillset. We believe in cultivating an environment where there is a diversity of perspectives, in hopes that we can all thrive in an inclusive environment.   

CyberGRX does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.