oneZero Financial Systems
Business and Security Risk Analyst
oneZero Financial Systems, Somerville, Massachusetts, US, 02145
Job Purpose
The Business & Security Risk Analyst supports oneZero’s Enterprise Risk Management (ERM), information security, and regulatory risk programs by identifying, assessing, monitoring, and reporting risks that could impact the organization’s business operations, technology platforms, customers, and regulatory obligations. The role serves as a key operational contributor to risk governance, ensuring that security, compliance, and business risks are consistently evaluated, documented, and mitigated in alignment with oneZero’s risk appetite, client expectations, and applicable regulatory frameworks. This position enables leadership to make informed decisions through accurate risk analysis, metrics, and reporting.
Duties
Enterprise & Business Risk Management
Support the day-to-day operation of oneZero’s Enterprise Risk Management (ERM) program, including risk identification, assessment, scoring, and documentation.
Maintain and update the enterprise risk register, ensuring risks are clearly articulated, owned, and mapped to mitigating controls.
Assist in conducting business impact and risk assessments for new products, services, technologies, and strategic initiatives.
Track risk treatment plans, remediation activities, and risk acceptance decisions, and report status to management and governance committees.
Information Security & Technology Risk
Perform security risk assessments related to applications, infrastructure, cloud services, and third-party integrations supporting oneZero’s trading platform.
Assist in evaluating security risks associated with system changes, architecture decisions, and software development activities.
Contribute to ongoing monitoring of cybersecurity risks and emerging threats relevant to financial services and trading platforms.
Third-Party and Vendor Risk Management
Support vendor risk assessments, including security, privacy, business continuity, and financial risk reviews.
Track third-party risk findings, remediation plans, and contractually required controls.
Assist with due diligence responses to client and regulatory third-party risk inquiries.
Compliance, Audit, and Client Assurance
Support internal and external audits, client assessments, and regulatory examinations by collecting evidence, responding to inquiries, and tracking action items.
Assist in maintaining alignment with relevant frameworks and standards (e.g., ISO 27001, SOC 2, NIST, FFIEC, regulatory client requirements).
Help prepare risk and security metrics, dashboards, and summaries for leadership, clients, and governance forums.
Risk Metrics, Reporting, and Governance
Develop and maintain key risk indicators (KRIs), key performance indicators (KPIs), and management reports related to business and security risk.
Support preparation of materials for risk committees, management reviews, and executive reporting.
Ensure risk documentation, policies, and procedures remain current and consistent with organizational practices.
Cross-Functional Collaboration
Work closely with engineering, IT, security, legal, compliance, product, and operations teams to embed risk management into business processes.
Act as a liaison between technical teams and non-technical stakeholders, translating risk findings into clear, actionable insights.
The salary range for this role is $85,000 to $105,000, depending on relevant experience.