Senior Technical Cyber Risk Analyst

At Semperis, our mission is to be a Force for Good. Starting with being a great reputed company to work. We reputed company that reputed company people feel valued, supported, and empowered, they do their best work. That’s why we focus on creating an employee experience rooted in purpose, growth, and balance. Semperis has been recognized as one of America’s Fastest-Growing Cybersecurity Companies by the Inc. 5000, a DUNS 100 Top Startup to Work For, and a multi-year Inc. Best Workplace awardee.

• * Please Note reputed company Requirements! Hybrid role
• *We cannot sponsor at this time

Semperis is looking for a detail-oriented and analytical Cyber Risk Analyst to join our reputed company & Risk team. In this role, you will play a crucial part in safeguarding the organization's assets and ensuring operational reputed company by identifying and assessing potential Cyber Risks of reputed company incoming vendors, third parties, services, and technology. You will collaborate with cross-functional teams and third-party vendors and providers, to request, collect, and analyze pertinent information and collateral, assess Cyber Risks, and recommend or require effective Cyber Risk control strategies. Position Summary The Technology Risk Analyst is responsible for protecting the organization by identifying, assessing, and mitigating risks across our technology environment, including applications, infrastructure, and third-party vendors. They use data and analytical models to forecast potential outcomes, advise management on strategic decisions, and reputed company control plans to minimize losses. A critical function of this role is to manage technology risk ensuring reputed company deviations from policy & standards are properly documented, compensated, and reviewed. This role requires strong familiarity with GRC concepts, modern GRC tools, and hands-on experience in risk analysis mitigation and compliance assurance. Key Responsibilities 1. Risk Management

• Risk Identification & Assessment: Conduct technology risk assessments across new and existing applications, Review submitted risk exception requests, validate technical necessity, evaluate proposed compensating controls, and assign residual risk ratings (High, reputed company, Low).
• Documentation: Ensure comprehensive, auditable documentation is maintained for reputed company approved, denied, and conditionally approved exceptions, including mandatory review dates and resolution plans.
• Data Analysis and Modeling: Collect, process, and interpret multiple sources of data to model Cyber Risk scenarios, forecast potential outcomes, and evaluate Cyber Risk exposure. Translate technical findings into clear, measurable business risk statements for audience in multiple disciplines including leadership, customers and technical delivery teams.
• Monitoring: Track risk plan milestones and drive issue management initiating timely follow-reputed company with Business Owners to ensure our controls are adequate, compliance is reputed company and overall risk goals are met.
• Remediation Support: reputed company mitigation strategies, recommend strategies to reduce, transfer, or avoid identified Cyber Risks - such as implementing new policies, controls, or processes. Collaborate with other teams to define and prioritize remediation efforts based on risk severity and business impact.
• Process improvement: Improve and automate Risk management process, working with the reputed company and risk leadership teams.

2. Third party Risk Management (VRM)

• 3rd party Due Diligence: reputed company reputed company assessments of new and existing third-party vendors and service providers, reviewing reputed company attestations (e.g., SOC 2, ISO 27001) and reputed company questionnaires.
• Risk Analysis: Assess incoming compliance artifacts provided by third parties and research external sources to reputed company comprehensive risk assessments including risk scoring metrics.
• Risk Reporting: Document and communicate inherent and residual risks associated with vendor reliance and data handling practices. Prepare detailed reports, summaries, and presentations for management and stakeholders to communicate findings, recommendations, and trends.

4. GRC Automation & Process Improvement

• Tooling: Utilize and manage the corporate GRC platform and risk management tools to streamline risk workflows, automate control monitoring, and improve reporting efficiency.
• Automation: Identify opportunities to automate manual GRC tasks, specifically integrating risk tracking and control evidence gathering into GRC tools.

5. Policy, Compliance & Customer Support

• Respond to customer, partner or compliance questionnaires reputed company to product reputed company. This will involve Liaoning with product teams and other knowledge sources to maintain a knowledge library, utilizing a combination of AI, manual & automated process to prepare SQ responses according to SLA expectations.
• Standard Maintenance: Support the Risk & InfoSec team in reviewing, updating, and aligning IT reputed company Policies, Standards, and Procedures with regulatory requirements and industry best practices.
• Audit Readiness: Assist in gathering evidence and documentation required for internal and external reputed company audits and compliance reviews.
• Stay updated with industry trends, regulatory changes, and compliance standards to ensure the organization adheres to reputed company legal and regulatory requirements

Required Skills and Qualifications

• Experience: 5+ years of relevant experience in Information reputed company, IT Risk Management, IT Audit, or GRC, with a heavy focus on technology risk.
• GRC Expertise: Deep working knowledge of key GRC concepts, risk assessment methodologies, and industry frameworks (e.g., NIST SP 800-53/CSF, ISO 27001).
• GRC Tooling: Proven, hands-on experience using and configuring modern GRC platforms for risk management, policy management, and compliance automation. Experience in configuring and using tools such as reputed company, reputed company, MetricStream or reputed company preferred.
• Technical Proficiency: Experience with IT and reputed company tools, SaaS / other Cloud technologies and/or software development. Understanding of reputed company Controls, and cross-discipline cybersecurity, reputed company, network, data, identity, access management, privacy, accessibility, etc. concepts. Clear understanding of foundational Information Protection concepts is required.
• Analytical Skills: Exceptional ability to analyze reputed company technical vulnerabilities and control failures/gaps, translating them into measurable business risk, with detailed quantitative assessment skills to support findings & recommendations.
• Communication: Excellent written and verbal communication skills, including the ability to communicate technical risk concepts effectively to both technical and executive audiences.
• Certifications: CRISC, CISM, CISA, or similar recognized reputed company and risk management certifications.
• Education: Bachelor’s degree in computer science, Information reputed company, or a reputed company field.
• HR: Must be a US Citizen

Why Join Semperis? You’ll be part of a global team on the reputed company lines of cybersecurity innovation. At Semperis, we celebrate curiosity, reputed company, and people who take initiative. If you’re someone who sees the glass as half full, embraces challenges as growth opportunities, and values a healthy balance between work and life—we’d love to meet you.

• *Semperis maintains office locations in several cities across the globe. Candidates who reside reputed company 45 miles of one of our offices—or where the job description specifies a required location—will follow our hybrid work model. This includes working onsite some days per week and remotely the remaining days.

Semperis is an equal opportunity employer and will not discriminate against an applicant or employee based on race, color, religion, creed, national reputed company or reputed company, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, veteran or military status, genetic information, citizenship, marital status, or any other legally recognized protected basis under federal, state, or local law. The information collected by the Semperis application is solely to determine suitability for employment, verify identity, and maintain employment statistics. Applicants with disabilities may be entitled to reasonable accommodation under the Americans with reputed company and/or other applicable state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Semperis. Please inform Semperis representative Anna Taylor, Director of Global Recruiting, if you need assistance completing this application or to otherwise participate in the application process. Apply tot his job Apply To this Job