via Ashby
The Cyber Risk Analyst is responsible for identifying, assessing, and mitigating risks across the technology environment, including applications and third-party vendors. This includes conducting risk assessments, maintaining documentation, and developing control plans to minimize losses.
Candidates should have 5+ years of experience in Information Security or IT Risk Management, with a strong focus on technology risk. A bachelor's degree in a related field and relevant certifications such as CRISC or CISM are also required.
At Semperis, our mission is to be a Force for Good, starting with being a great place to work. We believe that when people feel valued, supported, and empowered, they do their best work. That's why we focus on creating an employee experience rooted in purpose, growth, and balance. Semperis has been recognized as one of America's Fastest-Growing Cybersecurity Companies by the Inc. 5000, a DUNS 100 Top Startup to Work For, and a multi-year Inc. Best Workplace awardee.

Please note all requirements. This is a hybrid role. We cannot sponsor at this time.

Semperis is looking for a detail-oriented and analytical Cyber Risk Analyst to join our Security & Risk team. In this role, you will play a crucial part in safeguarding the organization's assets and ensuring operational resilience by identifying and assessing the potential cyber risks of all incoming vendors, third parties, services, and technology. You will collaborate with cross-functional teams and with third-party vendors and providers to request, collect, and analyze pertinent information and collateral, assess cyber risks, and recommend or require effective cyber risk control strategies.

Position Summary
The Technology Risk Analyst is responsible for protecting the organization by identifying, assessing, and mitigating risks across our technology environment, including applications, infrastructure, and third-party vendors. They use data and analytical models to forecast potential outcomes, advise management on strategic decisions, and develop control plans to minimize losses. A critical function of this role is managing technology risk so that all deviations from policy and standards are properly documented, compensated, and reviewed. This role requires strong familiarity with GRC concepts and modern GRC tools, and hands-on experience in risk analysis, mitigation, and compliance assurance.
Key Responsibilities

Risk Management
- Risk Identification & Assessment: Conduct technology risk assessments across new and existing applications. Review submitted risk exception requests, validate technical necessity, evaluate proposed compensating controls, and assign residual risk ratings (High, Medium, Low).
- Documentation: Ensure comprehensive, auditable documentation is maintained for all approved, denied, and conditionally approved exceptions, including mandatory review dates and resolution plans.
- Data Analysis and Modeling: Collect, process, and interpret multiple sources of data to model cyber risk scenarios, forecast potential outcomes, and evaluate cyber risk exposure. Translate technical findings into clear, measurable business risk statements for audiences in multiple disciplines, including leadership, customers, and technical delivery teams.
- Monitoring: Track risk plan milestones and drive issue management, initiating timely follow-ups with business owners to ensure our controls are adequate, compliance is assured, and overall risk goals are met.
- Remediation Support: Develop mitigation strategies and recommend ways to reduce, transfer, or avoid identified cyber risks, such as implementing new policies, controls, or processes. Collaborate with other teams to define and prioritize remediation efforts based on risk severity and business impact.
- Process Improvement: Improve and automate the risk management process, working with the security and risk leadership teams.

Third Party Risk Management (VRM)
- 3rd Party Due Diligence: Perform security assessments of new and existing third-party vendors and service providers, reviewing security attestations (e.g., SOC 2, ISO 27001) and security questionnaires.
- Risk Analysis: Assess incoming compliance artifacts provided by third parties and research external sources to develop comprehensive risk assessments, including risk scoring metrics.
- Risk Reporting: Document and communicate the inherent and residual risks associated with vendor reliance and data handling practices. Prepare detailed reports, summaries, and presentations for management and stakeholders to communicate findings, recommendations, and trends.

GRC Automation & Process Improvement
- Tooling: Utilize and manage the corporate GRC platform and risk management tools to streamline risk workflows, automate control monitoring, and improve reporting efficiency.
- Automation: Identify opportunities to automate manual GRC tasks, specifically integrating risk tracking and control evidence gathering into GRC tools.

Policy, Compliance & Customer Support
- Respond to customer, partner, or compliance questionnaires related to product security. This involves liaising with product teams and other knowledge sources to maintain a knowledge library, using a combination of AI, manual, and automated processes to prepare SQ responses according to SLA expectations.
- Standard Maintenance: Support the Risk & InfoSec team in reviewing, updating, and aligning IT Security Policies, Standards, and Procedures with regulatory requirements and industry best practices.
- Audit Readiness: Assist in gathering the evidence and documentation required for internal and external security audits and compliance reviews.
- Stay updated on industry trends, regulatory changes, and compliance standards to ensure the organization adheres to all legal and regulatory requirements.

Required Skills and Qualifications
- Experience: 5+ years of relevant experience in Information Security, IT Risk Management, IT Audit, or GRC, with a heavy focus on technology risk.
- GRC Expertise: Deep working knowledge of key GRC concepts, risk assessment methodologies, and industry frameworks (e.g., NIST SP 800-53/CSF, ISO 27001).
- GRC Tooling: Proven, hands-on experience using and configuring modern GRC platforms for risk management, policy management, and compliance automation.
  Experience configuring and using tools such as Archer, ServiceNow, MetricStream, or Vanta is preferred.
- Technical Proficiency: Experience with IT and security tools, SaaS and other cloud technologies, and/or software development. Understanding of security controls and cross-discipline cybersecurity concepts (endpoint, network, data, identity, access management, privacy, accessibility, etc.). A clear understanding of foundational information protection concepts is required.
- Analytical Skills: Exceptional ability to analyze complex technical vulnerabilities and control failures or gaps, translating them into measurable business risk, with detailed quantitative assessment skills to support findings and recommendations.
- Communication: Excellent written and verbal communication skills, including the ability to communicate technical risk concepts effectively to both technical and executive audiences.
- Certifications: CRISC, CISM, CISA, or similar recognized security and risk management certifications.
- Education: Bachelor's degree in Computer Science, Information Security, or a related field. ot be sufficient)

Why Join Semperis?
You'll be part of a global team on the front lines of cybersecurity innovation. At Semperis, we celebrate curiosity, integrity, and people who take initiative. If you're someone who sees the glass as half full, embraces challenges as growth opportunities, and values a healthy balance between work and life, we'd love to meet you.

Semperis maintains office locations in several cities across the globe. Candidates who reside within 45 miles of one of our offices, or where the job description specifies a required location, will follow our hybrid work model. This includes working onsite three days per week and remotely the remaining days.
Semperis is an equal opportunity employer and will not discriminate against an applicant or employee based on race, color, religion, creed, national origin or ancestry, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, veteran or military status, genetic information, citizenship, marital status, or any other legally recognized protected basis under federal, state, or local law. The information collected by the Semperis application is solely to determine suitability for employment, verify identity, and maintain employment statistics. Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and/or other applicable state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Semperis. Please inform Semperis representative Anna Taylor, Director of Global Recruiting, if you need assistance completing this application or to otherwise participate in the application process.
This job posting was last updated on 12/9/2025