We are searching for a Security Risk Analyst!

First off, what is CyberGRX?

CyberGRX provides enterprises and their third parties with the most cost-effective and scalable approach to third-party cyber risk management today. Built on the market's first third-party cyber risk Exchange, CyberGRX arms organizations with a dynamic stream of third party-data and advanced analytics so they can efficiently manage, monitor and mitigate risk in their partner ecosystems.

What does a Security Risk Analyst do at Cyber GRX?

Using the proprietary CyberGRX methodology, the Security Risk Analyst is responsible for evaluating evidence to validate third-party risk assessment results. This task will include working with both internal CyberGRX Analysts, as well as external partners who have been certified on the CyberGRX methodology. The Risk Analyst will work closely with the Customer Success team to ensure validation of controls, evaluation of evidence, and close-out of assessments is completed in accordance with agreed upon service level agreements.

What you bring to the table:

• You have an undergraduate or graduate degree in a technical field of study related to Information Technology, Information Security, or other related discipline
• You possess one or more of the following certifications: CISSP, CISA, CISM, CEH, CRISC, or GSEC (or other DoD 8570 IAT Level III certification)
• You’ve got some cybersecurity assessment and risk management experience
• You have hands-on technical experience in one or more of the following security control areas: identity & access management, vulnerability & configuration management, data protection, network security, asset management, incident response, or application security
• You have worked in one or more of the following areas: Financial Services, Energy, Healthcare, or Retail
• You understand various regulatory and compliance standards and frameworks including, but not limited to: NIST 800-53, PCI, COBIT, ISO 27002, SANS Top 20, HIPAA, or FFIEC
• You enjoy prioritizing assignments and maximizing efficiencies in order to meet strict deliverable deadlines
• You have awesome problem-solving skills and you work well unsupervised
• You’re great at communicating key metrics, issues, and risks to senior leadership
• You love working with a range of personalities from extremely technical staff members to non-technical business leaders
• You’ve had some exposure to third-party information security audit & assessments (Preferred)

Why you want to work for CyberGRX:

• We offer a competitive base salary (commensurate with experience) plus incentive compensation
• We have an incredible benefits package including:
• Company paid medical/dental/vision
• 401(k)
• Company paid commuter benefits
• Flexible Vacation - Take as much time off as you'd like! Recharging the batteries is encouraged.
• Generous Stock Options
• We’re centrally located in LoDo. (A short walk from Union Station)
• Relaxed dress code – We want you to be comfortable doing what you love, so hang your professional clothing up for another occasion
• We are doing new and exciting things and have big plans for growth!

CyberGRX does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.