Job Specifications
At Semperis, our mission is to be a Force for Good. Starting with being a great place to work. We believe that when people feel valued, supported, and empowered, they do their best work. That’s why we focus on creating an employee experience rooted in purpose, growth, and balance. Semperis has been recognized as one of America’s Fastest-Growing Cybersecurity Companies by the Inc. 5000, a DUNS 100 Top Startup to Work For, and a multi-year Inc. Best Workplace awardee.
Please Note all Requirements! Hybrid role
We cannot sponsor at this time
Semperis is looking for a detail-oriented and analytical Cyber Risk Analyst to join our Security & Risk team. In this role, you will play a crucial part in safeguarding the organization's assets and ensuring operational resilience by identifying and assessing potential Cyber Risks of all incoming vendors, third parties, services, and technology. You will collaborate with cross-functional teams and third-party vendors and providers, to request, collect, and analyze pertinent information and collateral, assess Cyber Risks, and recommend or require effective Cyber Risk control strategies.
Position Summary
The Technology Risk Analyst is responsible for protecting the organization by identifying, assessing, and mitigating risks across our technology environment, including applications, infrastructure, and third-party vendors. They use data and analytical models to forecast potential outcomes, advise management on strategic decisions, and develop control plans to minimize losses. A critical function of this role is to manage technology risk ensuring all deviations from policy & standards are properly documented, compensated, and reviewed. This role requires strong familiarity with GRC concepts, modern GRC tools, and hands-on experience in risk analysis mitigation and compliance assurance.
Key Responsibilities
Risk Management
Risk Identification & Assessment: Conduct technology risk assessments across new and existing applications, Review submitted risk exception requests, validate technical necessity, evaluate proposed compensating controls, and assign residual risk ratings (High, Medium, Low).
Documentation: Ensure comprehensive, auditable documentation is maintained for all approved, denied, and conditionally approved exceptions, including mandatory review dates and resolution plans.
Data Analysis and Modeling: Collect, process, and interpret multiple sources of data to model Cyber Risk scenarios, forecast potential outcomes, and evaluate Cyber Risk exposure. Translate technical findings into clear, measurable business risk statements for audience in multiple disciplines including leadership, customers and technical delivery teams.
Monitoring: Track risk plan milestones and drive issue management initiating timely follow-ups with Business Owners to ensure our controls are adequate, compliance is assured and overall risk goals are met.
Remediation Support: Develop mitigation strategies, recommend strategies to reduce, transfer, or avoid identified Cyber Risks - such as implementing new policies, controls, or processes. Collaborate with other teams to define and prioritize remediation efforts based on risk severity and business impact.
Process improvement: Improve and automate Risk management process, working with the security and risk leadership teams.
Third party Risk Management (VRM)
3rd party Due Diligence: Perform security assessments of new and existing third-party vendors and service providers, reviewing security attestations (e.g., SOC 2, ISO 27001) and security questionnaires.
Risk Analysis: Assess incoming compliance artifacts provided by third parties and research external sources to develop comprehensive risk assessments including risk scoring metrics.
Risk Reporting: Document and communicate inherent and residual risks associated with vendor reliance and data handling practices. Prepare detailed reports, summaries, and presentations for management and stakeholders to communicate findings, recommendations, and trends.
GRC Automation & Process Improvement
Tooling: Utilize and manage the corporate GRC platform and risk management tools to streamline risk workflows, automate control monitoring, and improve reporting efficiency.
Automation: Identify opportunities to automate manual GRC tasks, specifically integrating risk tracking and control evidence gathering into GRC tools.
Policy, Compliance & Customer Support
Respond to customer, partner or compliance questionnaires related to product security. This will involve Liaoning with product teams and other knowledge sources to maintain a knowledge library, utilizing a combination of AI, manual & automated process to prepare SQ responses according to SLA expectations.
Standard Maintenance: Support the Risk & InfoSec team in reviewing, updating, and aligning IT Security Policies, Standards, and Procedures with regulatory requirements and industry best practices.
Audit Readiness: Assist in gathering evidence and d