Listing Description
We are searching for a Security Risk Analyst!
Our Security Risk Analysts are vital to delivering thoroughly validated security assessments to our customers. These validated assessments enable our customers to view their vendor portfolio holistically to evaluate risks. This position offers the chance to work alongside and learn from subject matter experts in the thriving areas of cybersecurity and risk management. The team works collaboratively to deep dive into different controls and values a research-focused mindset.
This is the perfect opportunity for those who love to look beyond just prioritization and improve processes to create more efficiency. Operating within a startup environment, this role will deal with a high degree of ambiguity and potentially create structure if needed. There is the potential for 5-10% travel in this role at some point in the future.
What a day in the life looks like:
- You'll assess evidence provided by third parties via multiple communications channels (data repository, web conference, or onsite)
- You will assist with the quality control of validated assessments performed by validation partners and team members
- You will work closely with the CyberGRX Assessment Coordination team to relay messages to third parties and answer questions
- You will plan, execute, and out-brief security assessments alongside internal analysts and external partners who have been trained on the CyberGRX validation methodology
What you bring to the table:
- You have 2-3 years of third-party information security audit & assessment experience
- You have hands-on technical experience in one or more of the following security control areas: identity & access management, vulnerability & configuration management, data protection, network security, asset management, incident response, or application security
- You possess one or more of the following certifications: CISSP, SSCP, CISA, CISM, CEH, CRISC, SEC+ or GSEC (or other DoD 8570 IAT Level III certification), or are able and willing to obtain one within 12 months.
- You understand various regulatory and compliance standards and frameworks including, but not limited to: NIST 800-53, PCI, COBIT, ISO 27002, SANS Top 20, HIPAA, or FFIEC
- You enjoy prioritizing assignments and maximizing efficiencies in order to meet strict deliverable deadlines
- You’re great at communicating key metrics, issues, and risks to senior leadership
Why you want to work for CyberGRX:
- We offer a competitive base salary (commensurate with experience) plus incentive compensation.
- We have an incredible benefits package including:
- 100% Company paid medical/dental/vision for employees & generous company contribution for dependent health benefits
- 401(k) program, including employer match up to 3% of your base salary
- $100/month stipend to use for wellness and WFH expenses
- Equity – Acting like an owner is one of our Core Values
- Remote Friendly Work Environment
- Open Time Off policy - Take the time you need when you need it.
- We are doing new and exciting things and have big plans for growth!
Annual Base Salary Range: $71,000 - $82,000
Annual Bonus Potential: 10% of base salary
Cybercrime is big business - and not just for the criminals. Business costs related to cybercrime are estimated to go up about 15% each year, reaching about $10.5 trillion annually by 2025. At CyberGRX, we are in the trenches helping businesses and clients combat those threats. We have transformed third-party cyber risk management for enterprises all over the world through our disruptive cloud-based exchange solution. We help companies achieve a detailed view of their third-party vendor ecosystem to help them quickly showcase, identify and mitigate security risks. We also work with our clients to provide cutting-edge predictive analytics that give insights into how they can better stop attacks from happening. With our headquarters based in Denver, Colorado and employees based globally - we strive to hire team members who want ownership, impact and growth. We invite you to learn more about us and would love you to consider joining our team!
We encourage you to apply if this role excites you - even if you think you may not have the exact skillset. We believe in cultivating an environment where there is a diversity of perspectives, in hopes that we can all thrive in an inclusive environment.
CyberGRX does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class. We support workplace diversity.
CyberGRX prioritizes the health and well-being of employees, and vaccines are the best tool currently available to help control this global pandemic and protect our employees. Therefore, for everyone's safety, as a condition of employment: all employees will be required to demonstrate that they have been fully vaccinated against COVID-19 prior to the commencement of their employment (subject to the availability of reasonable accommodation when required by law). Some roles may be 100% remote and could be exempt from the vaccine mandate.
Our company headquarters are in Denver, Colorado and while we're always hiring talent here at the base of the Rocky Mountains - we're also open to remote candidates for certain roles! For any remote hires - we're hiring in the following states AL, AZ, CA, CT, FL, GA, IA, IL, KS, LA, MA, MI, MN, MO, MS, MT, NC, NH, NJ, NM, NV, NY, OH, PA, SC, TN, TX, VA, WA and WI.