At CyberGRX we’re dedicated to helping organizations streamline their third-party cyber risk programs. We believe the process can be more efficient and effective, and we make it our mission to ensure our customers are getting the most out of our innovative Exchange, every day. It’s a game-changer for our clients - so we need our colleagues to be game-changers, too. You’ll get to work with a small, highly motivated, highly skilled team solving some of the biggest issues facing the world’s most influential companies.

Roles and Responsibilities:

Using the proprietary CyberGRX methodology, the Risk Analyst is responsible for evaluating evidence to validate third-party risk assessment results. This task will include working with both internal CyberGRX Analysts, as well as external partners who have been certified on the CyberGRX methodology. The Risk Analyst will work closely with the Customer Success team to ensure validation of controls, evaluation of evidence, and close-out of assessments is completed in accordance with agreed upon service level agreements.

You are expected to be familiar with basic and advanced information technology and cybersecurity controls across multiple control standards. You will have experience planning, executing, and out-briefing security assessments for a variety of organizations and information systems. You will be able to effectively communicate technical security concepts to non-technical individuals.

Skills and experience you possess:

• Undergraduate or graduate degree in a technical field of study related to Information Technology, Information Security, or other related discipline
• One or more of the following certifications: CISSP, CISA, CISM, CEH, CRISC, or GSEC (or other DoD 8570 IAT Level III certification)
• Minimum 5 years cybersecurity assessment and risk management experience
• Recent hands-on technical experience in one or more of the following security control areas: identity & access management, vulnerability & configuration management, data protection, network security, asset management, incident response, or application security
• Industry experience in one or more of the following areas: Financial Services, Energy, Healthcare, or Retail
• Understanding of various regulatory and compliance standards and frameworks including, but not limited to: NIST 800-53, PCI, COBIT, ISO 27002, SANS Top 20, HIPAA, or FFIEC
• Experience prioritizing assignments and maximizing efficiencies in order to meet strict deliverable deadlines
• Strong problem-solving skills and ability to work well unsupervised
• Ability to communicate key metrics, issues, and risks to senior CyberGRX leadership
• Professional written and oral communication skills
• Ability to work with a range of personalities from extremely technical staff members to non-technical business leaders
• Recent experience conducting third-party information security audit & assessments (Preferred)
• Strong understanding of emerging cyber security regulations within and across different industries (Preferred)

What we have to offer you:

• Competitive base salary commensurate with experience plus incentive compensation
• Rich benefits package including full medical/dental/vision, 401(k), commuter benefits, and more
• Open Time Off Policy
• Generous Stock Options
• Centrally located office in LoDo right near Union Station

CyberGRX does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.