Senior Information Security Risk Analyst
Bangalore

Job description

Job Overview: The Senior Risk Analyst/Specialist/Consultant will play a pivotal role in safeguarding our company’s information assets and ensuring compliance with industry standards and regulations. This position involves identifying, assessing, and mitigating risks associated with information security across our software products, corporate environment, and third-party suppliers. The role will support corporate risk management programs, and certifications including PCI DSS, SOC2, and ISO 27001. The ideal candidate will possess deep knowledge of risk management frameworks, strong analytical skills, and the ability to help in the development, implementation, and execution of Corporate Risk Management and Third-Party Risk Management Programs. You will be responsible for working closely with cross-functional partners to evaluate risks and develop mitigation strategies, provide ongoing risk mitigation support, and lead various risk management projects.

Responsibilities

• Lead and execute various risk-based risk assessments, analyze findings, document recommendations, and monitor and report on assessment results. Scope of risk assessments will include information security, cybersecurity, cloud security and third parties.
• Evaluate the security posture and information security practices of third-party vendors and service providers, and analyze the collected information to assess the overall risk profile of third parties.
• Prepare executive summaries and reports of IT Risk Profiles and Risk Assessments.
• Collaborate with risk owners to ensure risk mitigation plans are developed and completed, tracking and reporting on the progress of the remediation plans on a regular basis.
• Monitor the Risk Register by assessing and re-assessing likelihood, impact, and the risk rating of all items in the Risk Register on a regular basis to maintain up-to-date status.
• Maintain the risk acceptance processes to calculate residual business risk after weighing application security gaps, compensating controls, and inherent risk scores against established security risk appetite and tolerance criteria.
• Support integration and maturation of risk management frameworks and programs.
• Contribute to the rollout and implementation of the new systems and process automations supporting Risk Management Programs.
• Assist in customer and auditor requests for information regarding program operations.
• All other duties as assigned.

Qualifications

• At least 5 years of experience in information security/technology risk management and/or third-party vendor management, preferably within a software development environment.
• Proven experience in conducting security risk assessments, including third-party risk assessments.
• Strong analytical and problem-solving skills.
• Proficient in Word, Excel, PowerPoint, Visio, SharePoint, Confluence and JIRA.
• In-depth knowledge of information security frameworks, standards, and best practices.
• Ability to work independently and as part of a collaborative team.
• Ability to communicate effectively in writing, in person and by telephone with all levels of the organization.
• Applied knowledge of security risk frameworks, for example, ISO 27001, NIST Cyber Security Framework, CIS Controls and Cloud Controls Matrix.
• Experience developing and deploying risk management frameworks and programs, including deployment of GRC tools, is desirable.
• Experience with automating reporting/creating report dashboards in tools such as Power BI is desirable.
• Relevant certifications such as CISSP, CISM, CRISC, CTPRP, CTPSA, TPCRA, or equivalent.
