Principal Risk Assessment Specialist

The Principal Risk Assessment Specialist will be responsible for leading risk assessment activities across the organization, identifying vulnerabilities, and developing strategies to mitigate risks to our information assets. This role requires deep expertise in information security risk management, strong analytical skills, and the ability to communicate complex concepts effectively to stakeholders at all levels.

Key Responsibilities:

• Risk Assessment Leadership: Lead the design and implementation of risk assessment methodologies, frameworks, and processes to identify, analyze, and prioritize risks related to information security.
• Risk Analysis: Conduct comprehensive risk assessments, including threat modeling and vulnerability assessments, to evaluate the potential impact of security incidents on the organization.
• Collaboration: Work closely with cross-functional teams, including IT, compliance, and business units, to ensure alignment of risk management strategies with organizational objectives.
• Reporting: Prepare detailed risk assessment reports for senior management and the board, outlining key findings, risk ratings, and recommended mitigation strategies.
• Policy Development: Contribute to the development and revision of security policies, standards, and procedures based on risk assessment outcomes and industry best practices.
• Continuous Monitoring: Establish mechanisms for ongoing risk monitoring and reassessment, ensuring that the organization remains aware of emerging threats and vulnerabilities.
• Training and Awareness: Develop and conduct training programs to promote a culture of risk awareness and security best practices among employees.
• Regulatory Compliance: Ensure that risk assessment activities align with relevant regulations and standards (e.g., ISO 27001, NIST, GDPR), and assist with audit preparation and responses.

Qualifications:

• Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field (Master’s degree preferred).
• 8+ years of experience in information security, risk assessment, or a related field, with a focus on leading risk management initiatives.
• In-depth knowledge of risk assessment frameworks and methodologies, including qualitative and quantitative risk analysis.
• Strong understanding of information security principles, best practices, and regulatory requirements.
• Exceptional analytical skills, with the ability to synthesize complex information and provide actionable insights.
• Excellent communication and interpersonal skills, with experience presenting to senior leadership and cross-functional teams.
• Proficiency with risk assessment tools and software.

Preferred Qualifications:

• Relevant certifications (e.g., CISSP, CISM, CRISC, CISA).
• Experience in a leadership role within a risk management or information security function.

Salary Range:

The anticipated base salary range for this position is between $105,000 and $130,000. Base salary ranges may vary by geographic location and relevant experience, education, certifications, and seniority as compared to others doing substantially similar work. There is no guarantee an offer will be at the top of the posted range based on the salary analysis.

Here are some of our local benefits:

• Three week's paid time off on top of 12 paid holidays, floating holidays, and holiday allowance increase based on tenure
• Gym membership subsidy
• Medical and dental insurance
• Pet insurance
• Employee Assistance Program
• College Savings Plan
• Travel assistance
• 401(k) with up to 4% employer match