Burgeon IT Services
Overview
Position Type: Contract
Location: Seattle, WA (Onsite)
Cybersecurity GRC Security Analyst Risk and Issue Management
About this team
The Cybersecurity team enables us to conduct our global operations in a secure manner and to safeguard the trusted information of our guests and users. This is accomplished by understanding business risk as manifested through security and compliance risk, and through fostering a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced specialist to serve as Security Analyst Risk and Issue Management. This role will work collaboratively with cross-functional teams within Cybersecurity and across Technology to identify, analyze, document, and drive clear risk remediation activities to reduce systemic security risks. The ideal candidate will bring a blend of technical security and risk management expertise, along with strategic thinking to drive measurable improvements in our security posture.
Day in the life
As the Security Analyst Risk and Issue Management for us, you will define, facilitate, coordinate, and track remediation action plans for security risks and issues. The effectiveness of this role will be measured through verified closure of open risks and issues, and demonstrated reduction in the organization's security risk posture.
Responsibilities
Lead and participate in targeted risk reduction initiatives across business units and technology domains
Analyze complex systems, architectures, and processes to identify security vulnerabilities and systemic risks
Collaborate with cross-functional teams to design and implement risk mitigation strategies
Conduct root cause analysis of recurring security issues and propose remediation plans for sustainable solutions
Support the development and refinement of GRC metrics and dashboards to track risk reduction progress
Serve as a liaison between Cybersecurity and technology teams to ensure appropriate prioritization and alignment on risk remediation tasks
Contribute to incident response post-mortem activities to identify residual risk and develop risk mitigation strategies, including supporting root cause analysis (RCA) discussions to understand and document underlying issues
Remain current with emerging threats, vulnerabilities, and regulatory requirements
Be an ambassador for the governance, risk and compliance security practice throughout the organization
Qualifications
5+ years of experience in a cybersecurity function, preferably in a GRC, security engineering, or security risk management role
Bachelor's degree with focus on information technology, cybersecurity or technology audit preferred
Experience with cybersecurity risk and compliance frameworks and practices (e.g. NIST CSF, NIST AI RMF, COBIT, ISO 27001, data privacy regulations and frameworks)
Proven track record in identifying and reducing systemic security risks in complex environments
Experience working in or with security tiger teams, red/blue/purple teams, or similar high-impact security functions
Strong understanding of enterprise IT systems and networks, cloud platforms, and security architectures
Understanding of emerging AI/LLM technologies and related security risks
Experience and passion for technical security risk identification and mitigation
Ability to interact effectively with technical security stakeholders as well as non-technical business stakeholders to communicate concepts pertaining to security risk
Familiarity with ServiceNow GRC/IRM systems preferred
Must have excellent analytical, communication, and project management skills
Must be detail-oriented and a self-starter
Must be comfortable in a role that is dynamic and evolving
Professional certification such as CISA, CISSP, CRISC, Security+, CDPSE is a plus
Must haves
Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
Communicates with honesty and kindness and creates the space for others to do the same.
Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
Fosters connection by putting people first and building trusting relationships.
Integrates fun and joy as a way of being and working, aka doesn't take themselves too seriously.
Actively removes barriers to equity so that everyone feels a sense of belonging.