Risk Analyst, Information Security

Summary

Join Moodle, the world's most popular learning platform, and become a Risk Analyst within our Information Security department! This fully remote role offers a flexible schedule and a supportive team environment. You will be responsible for quantitative risk assessment, threat and vulnerability assessments, and compliance management, playing a key role in our FedRAMP certification process. The ideal candidate possesses a Bachelor's degree, expertise in security frameworks (CIS CSC, NIST CSF, FAIR), and project management skills. Competitive salary and benefits, including health insurance, 401k contribution, paid time off, and more, are offered.

Requirements

• Bachelor's Degree in a related field of study
• Competency and proficiency in the CIS CSC and NIST CSF security frameworks
• Competency and proficiency in the FAIR risk framework
• Proficiency and capability in project management practices
• Embody and promote the department’s mission, goals and values
• Experience managing SOC2 recertification processes
• Be a US person (citizen or legal permanent resident)

Responsibilities

• Continuously monitor the security, risk and compliance industry to remain current in frameworks, risk management practices and solutions for the Information Security Department
• Continuously monitor, audit, evaluate and improve the technical controls under administration by this position
• Establish performance indexes (KPI, OKR, KRI, etc) and other risk metrics for quantitative measurement
• Assist in the continuous assessment and improvement of all department policies, processes and procedures
• Administer and be the Subject Matter Expert on the technologies under administration by this position
• Help develop and maintain risk and security compliance programs for the global organization, including SOC 2, FedRAMP, ISO 2700, TPRM, and VM. This involves policy, process and technologies, and ensuring continuous compliance of active certifications
• Support the department’s audit and compliance activities to maintain active certifications, or achieve future certification objectives
• Help develop and maintain the company’s Cyber Risk Management Program serving to identify and mitigate cyber risk to the organization within the Risk Tolerance and Risk Appetite Statements
• Routinely interface with adjacent department stakeholders and leaders for the accuracy of all risks identified within the Risk Management Program
• Help inform and improve the Vendor Risk Management Program
• Develop processes for continuous improvement of controls under administration by this position
• Establish and manage vendor relationships for the technologies under administration by this position

Preferred Qualifications

• CompTIA A+
• CompTIA Security+
• FAIR Analyst
• CRISC
• CRM

Benefits

• Fully remote opportunity, working from home or wherever suits you
• Flexible work schedule
• Supportive, passionate, and fun team
• Culture that fosters personal growth and development
• Salary range of $55,000 - $62,000 per year, depending on experience and education
• Health insurance coverage
• Employer 401(k) contribution
• Paid time off
• Group term life