Perform qualitative and quantitative risk analysis for systems, applications, business processes, vendors, and organizational changes.

Lead risk assessments across various sources, including but not limited to:
- Information security
- Third-party/vendor risk
- Regulatory and compliance-driven audit gap assessments and findings (e.g., ISO27001, NIST CSF, SOC 2, ISO9001, HDS, PCI, etc.)
- Findings from internal assessments, security incidents, vulnerability scans, penetration tests, business continuity and disaster recovery (BC/DR) findings, and other sources

Collaborate with stakeholders to develop and document risk treatment plans, mitigation strategies, and timelines.

Support the maturation of the Information Risk Management program by contributing to the development and maintenance of policies, procedures, standards, and templates.

Become an effective part of the trusted advisory team to technical and non-technical stakeholders by providing risk guidance that is aligned to business objectives.