Job Summary

• The Information Security Risk Team is responsible for the entire lifecycle of risk identification, assessment, and treatment, providing a quantified view of top risks to leadership.
• This role involves conducting and owning internal security assessments, applying risk methodology, producing risk memos, and collaborating with asset/risk owners.
• The position requires expertise in global regulations like DORA, FedRAMP, and NIS2, and involves maintaining risk procedures and dashboards.

Matching Summary

Salary

Base: $97,000 - $189,000 USD; Bonus/Equity: Not specified; Benefits: Equity, ESPP, PTO, parental leave, fertility assistance, 401(k), mental health counseling, health benefits

Skills & Requirements

Key Requirements

• 10+ years Information Security GRC experience
• Enterprise-level security risk assessments
• Evaluate control effectiveness technically
• Perform threat modeling
• NIST SP 800-30 methodology
• NIST CSF, NIST SP 800-53, ISO 27001
• DORA, NIS2, FedRAMP Rev 5 knowledge
• Bachelor's degree
• CRISC, CCSP, CISSP, CISA certifications

Work Rights