Risk Management Analyst

Overview:

As a Risk Management Analyst, you are responsible for planning, managing, and coordinating various cybersecurity risk management activities focused on identifying, assessing, and mitigating risks for Origami from a business perspective. 

Starting base pay for this role is between $56,000 and $70,000. The actual base pay is dependent upon many factors, such as transferable skills, work experience, business needs, training, location, and market demands. The base pay range is subject to change and may be modified in the future. This role will be eligible for a bonus as well as competitive medical, dental, and vision benefits, wellness reimbursement, life insurance, and a 401(k) with company match. We offer vacation and sick leave benefits (under a flexible time off policy in most states). 

• Performs focused cybersecurity risk assessments of existing or new business processes, services and technologies, along with business counterparts. 

• Communicates cybersecurity risk assessment findings internally within InfoSec team and other team owners and business counterparts. 

• Provides consultative advice to cybersecurity governance or security teams that enables them to suggest informed risk mitigation decisions. 

• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk. 

• Assists in the maintenance of standard language provided to existing and new clients. 

• Maintains strong working relationships with individuals and groups involved in managing cybersecurity risks across the organization. 

• Identifies control deficiencies and maintains records of deficiency details including management response documentation and exposure check evidence.  

• Supports evidence collection and documentation for internal and external audits. 

• Stays up-to-date on the latest cybersecurity regulations and compliance obligations. 

• Other duties as assigned. 

• Bachelor’s degree or equivalent experience. 

• Approximately 2 years of experience in cybersecurity, especially in an information risk analysis role and/or IT audit role. 

• Proficiency in risk management software and tools. 

• Strong analytical and problem-solving skills. 

• Excellent verbal and written communication skills. 

• Excellent team player. 

• Project management experience.  

• Preferred: Experience with ISO 27001, NIST 800-53, and SSAE 18/SOC audits   

• Preferred: Relevant security or security audit and compliance certifications (i.e., Security+, CISA, CRISC, CISSP)