INTL - Info Sec Risk Analyst
Insight Global (Cary, NC)
Job Description
We’re seeking an operational Information Security Risk Analyst to run high-throughput, repeatable information security risk assessments aligned to our client's InfoSec Risk Management Framework (RMF). This role is process-driven: you’ll apply a defined methodology, keep immaculate records, produce consistent scoring, and move assessments (via good partnership with key team leads) from intake → analysis → treatment → acceptance without drift. When third-party risk (TPRM) volume spikes or our primary assessor is out, you’ll flex to perform InfoSec assessments on vendors using the same disciplined approach.
What you’ll do
• Execute end-to-end risk assessments across products, platforms, processes, and changes, following the RMF stages of Identification → Analysis → Evaluation and documenting impacted assets, threats, existing controls, vulnerabilities, and consequences.
• Apply consistent scoring using defined likelihood/impact scales (Low=1, Medium=2, High=3) and the Risk Score = Probability × Impact formula; determine Low/Medium/High levels per thresholds.
• Drive treatment decisions (mitigate/retain/avoid/share) and produce clear treatment plans with owners and dates.
• Manage acceptance and escalation based on criteria (e.g., Medium → Director; High → VP) and ensure approvals are recorded.
• Maintain the Risk Register with current statuses, residual risk, review dates, and evidence.
• Communicate results and treatment plans to stakeholders; keep two-way communication flowing and traceable.
• Monitor and trigger re-reviews when assets, threats, or vulnerabilities change; schedule periodic reassessments.
• Report posture and trends (e.g., risk distribution, SLA adherence, overdue treatments) at the cadence required.
• Flex to TPRM: perform vendor security assessments using our TPRM workflow when inbound volume is high or the dedicated resource is OOO; document results to the same standard as internal assessments.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
• 2–5 years of hands-on experience running information security risk assessments in an operational capacity (NIST RMF / NIST SP 800-30).
• Proven ability to apply a predefined process consistently: intake → scoping → risk statement → likelihood/impact scoring → treatment → acceptance → register updates.
• Strong grasp of NIST SP 800-37 (RMF) and NIST SP 800-53 control families; ISO 27005 familiarity is a plus.
• Comfortable evaluating evidence: policies/standards, SOC 2 Type II, ISO/IEC 27001 certificates, penetration test reports, vulnerability scans, and cloud configuration artifacts.
• Experience managing a risk register and assessment queue with SLAs; high throughput without quality drift.
• Tooling fluency with GRC/risk platforms (e.g., ServiceNow GRC, Archer, OneTrust, or similar) and solid spreadsheet hygiene (filters, pivots, data validation).
• Clear, concise writing for risk statements, treatment plans, acceptance memos, and stakeholder updates.
• Certifications such as CompTIA Security+, CRISC, CISA, CASP+, CISSP, or FAIR Foundations.
• Familiarity with Airtable.
• Experience in game/dev, live services, or large-scale cloud environments.
• Familiarity with SIG/CAIQ or similar for vendor questionnaires (for TPRM flex work).
• Light scripting/automation (e.g., Python, SQL, or Excel macros) to streamline repetitive QA and reporting tasks.