Enterprise Risk Analyst
$132k - $178kTrue Anomaly
Enterprise Risk Analyst
Denver, CO or Long Beach, CA or Washington, DC or SF Bay Area
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
Our Values
- Be the offset. We create asymmetric advantages with creativity and ingenuity.
- What would it take? We challenge assumptions to deliver ambitious results.
- It's the people. Our team is our competitive advantage and we are better together.
Your Mission
We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.
This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.
Responsibilities
Enterprise Risk Management
- Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
- Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
- Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
- Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
- Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
- Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
- Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
- Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
- Coordinate and track internal audit schedules, findings, and corrective action plans across business units.
Third-Party Vendor Risk Management
- Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
- Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
- Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
- Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
- Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
- Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.
Cross-Functional Collaboration
- Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
- Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
- Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
- Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.
Qualifications
- 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
- Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
- Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
- Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
- Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
- Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
- Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
- Active or ability to obtain SECRET , TS/SCI security clearance .
- Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).
Preferred Qualifications
- Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
- Industry certifications such as:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Open FAIR Certification (The Open Group)
- CompTIA Security+ or equivalent
- Certified ScrumMaster (CSM) or similar Agile certification
- Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
- Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
- Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
- Familiarity with Agile/Scrum and hybrid project delivery models.
Compensation
- Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
- Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Additional Requirements
- Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
- Work Environment: Standard office setting, working at a desk or in a production factory environment
- Physical Demands: May include frequent
$150k - $180k
...knowledge layer that agents, applications, and enterprises rely on to retrieve real‑time, accurate,... .... The Role We're looking for a GRC Analyst to join our growing Security, IT, and... ...The right person translates security and risk into terms that the business and product...SuggestedFull timeImmediate startRemote workWork from homeFlexible hours$135k - $165k
...scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk... ...vendor and third‑party risk assessments. Support enterprise risk management and risk register maintenance. Maintain...SuggestedContract workFlexible hours- ...Job Overview As a Analyst, Enterprise Service Desk, you will play a crucial role in resolving technical issues for our Hedge Fund and Private Equity clients. As the first point of contact, you will respond to client issues, collaborate internally and externally to resolve...SuggestedWork at officeRemote work
- ...Risk Management Analyst Integrated Resources, Inc is a premier staffing firm recognized as one of the tri-states most well-respected professional specialty firms. IRI has built its reputation on excellent service and integrity since its inception in 1996. Our mission...Suggested
$90k - $125k
...deliver innovative and ethical solutions that help businesses achieve their ambitions faster. Adyen is looking for a hands‑on CDD Risk Analyst with experience in the payments and/or finance industry to contribute to the growth and scaling of our customer base in North...SuggestedWork at officeLocal area$29 per hour
...injections, and misuse cases. Generate high-quality human data by annotating failures, classifying vulnerabilities, and flagging systemic risks. Apply structure using taxonomies, benchmarks, and playbooks to ensure consistent testing. Document reproducibly by producing...Hourly payWeekly payFull timeContract workPart timeFor contractorsSummer workRemote work$125k - $200k
...compliant. You will connect governance, risk management, and compliance to protect our... ...Compliance & Audits: Act as a Customer Trust Analyst to address security-related inquiries.... ...to demonstrate compliance to auditors and enterprise customers. Assess Risk: Identify,...Flexible hours$130k - $160k
...Role Overview As a Security Risk and Compliance Analyst you will play a hands‑on role in maturing and operating the company’s compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection...InternshipWork at officeLocal areaWork from homeWorldwide$80k - $90k
...Private Risk Advisor The USI Insurance Services Personal Risk Practice provides comprehensive risk management and insurance consultation to high net worth individuals and family offices with complex financial and insurance needs. The Private Risk Advisor is an outside...Work at officeLocal area$60k - $85k
...globally in our San Francisco, Seattle, and Delhi offices. Please reach out if you are interested in joining the future of AI! Analyst, Enterprise Analytics We are looking for talented candidates to join our Hive Media team, a unit of the business focused on serving...Work experience placement$80k - $110k
...Personal Risk Specialist The Personal Risk Specialist is an outside sales position focused on serving the unique insurance needs of affluent/high net worth clients. In addition to cross selling, as a primary focus for business development, this role is also expected...Temporary workFlexible hours$134k - $202k
...growing our community, or shaping our story, you’ll help define what comes next. About the role: We are looking for a GRC Analyst to join our Governance, Risk & Compliance (GRC) team. You will have the opportunity to manage and maintain ongoing compliance with security and...Work at officeRemote workWork from homeWorldwideMonday to FridayFlexible hours$130k - $150k
...team that believes in each other, come build with us at Crusoe. About This Role We’re seeking a GRC Analyst to support the day-to-day execution of our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this role focuses on operational compliance activities...Temporary work- ...Location San Francisco, CA or Canton, MA Purpose The purpose of the Credit Risk Analyst is to support the credit risk team, working closely with all members to manage customer credit profiles, review credit risk data, maintain documentation, and assist with compliance...Work experience placement
$65 - $85 per hour
...Senior GRC Analyst - Security & Compliance LHH Recruitment Solutions is partnering with a high-growth, cloud-native SaaS organization... ...a unique opportunity to take ownership of a growing governance, risk, and compliance program within an innovative technology...Hourly payContract workTemporary workWork at officeLocal area$122k - $140k
...driven team. The successful candidate will join Prosper's Credit Risk team. The Credit Risk team uses analytics tools to develop... ...decisions in Prosper's online marketplace. A Senior Credit Risk Analyst at Prosper has the opportunity to utilize advanced analytical skills...Local areaRemote workFlexible hours- ...Job Description Job Description Job43 EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5... ...metrics for performance measurement and reporting. Coordinate enterprise-level security and risk management efforts. Act as a subject...Remote jobImmediate startFlexible hours
- ...Job Summary The Benefits Analyst independently uses UC Group Insurance Plan Regulations, University of California Retirement Plan (... ...System and Health and Welfare Benefit Programs across the UCSF enterprise. It provides benefits consulting services to UCSF faculty and...Work experience placementWork at officeLocal area
$102k - $138k
...Compensation Analyst Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development... ...regulatory changes to reduce legal risk. Work on compensation projects and...Work experience placementWorldwide$140k - $160k
...effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve... ...powers the future. About the Role The Senior Workday Analyst is responsible for Workday at Nscale - the system underpinning...Flexible hours- ...Job Title Business Analyst (BA) with good experience in admin role, for leading enterprise-scale CRM, PRM projects. Experience Requirements ~5 + years of experience as a Business Analyst (BA) with good experience in admin role, for leading enterprise-scale CRM...Work at office
- ...union. As part of the People Analytics team, the workforce analyst supports workforce reporting, analytics, and metric development... ...while escalating novel architectural, governance, or enterprise-wide decisions to senior team members. The analyst independently...Flexible hours
- ...Duties and Responsibilities: - Provide advanced support for configuration, change, and release management activities across enterprise systems. - Maintain and govern the CMDB to ensure accuracy, completeness, and audit compliance. - Perform reconciliation...Minimum wageContract workTemporary workWork experience placementRemote work
$73.5k - $147k
...Health Actuary – Analyst III Locations: Richmond, Washington DC, Philadelphia, Atlanta, Tampa, Hartford, Louisville, Nashville, or New York City. Responsibilities The Health & Benefits (H&B) actuarial consulting analyst is responsible for managing client projects that...Minimum wageWork experience placementRemote workFlexible hours3 days per week$67.5k - $125.8k
...Sales And Risk Consultant Our not-so-secret sauce. Award-winning, inclusive, top workplace culture doesn't happen overnight. It's a result of hard work by extraordinary people. More than 11,000 of the industry's brightest talent drive our efforts to deliver purposeful...Minimum wageContract workLocal areaFlexible hoursNight shift$100k - $145k
...platform, delivering top-tier compensation intelligence to leading enterprise teams. Compa is a compensation intelligence company built to... ...in person work where possible. The Role The Compensation Data Analyst plays a critical role in maintaining trust in Compa’s...$70.5k - $75k
...guidance of the the Director of Data and Reporting, the Data Analyst is responsible for the generation, quality assurance, and distribution... ...worked with large-scale cloud-based data repositories and enterprise data management systems. You have a knack for cleaning,...Full timeWork at officeFlexible hours2 days per week3 days per week- ...Business Analyst Clinical Data Expertise Project & Management Coordination San Francisco... ...solutions to promote data integrity in enterprise systems. Serves as a critical... ...project. Identifies and communicates both risks and solutions Participates in the...
- ...The Oracle SCM Reporting Analyst is responsible for designing, developing, and maintaining reports and dashboards across Oracle Cloud... ...ensuring data accuracy, consistency, and usability across the enterprise. The analyst will leverage Oracle reporting tools (OTBI, BI...
$25 - $28 per hour
...Job Title : Data Analyst Location : San Francisco, CA Type : Contract-to-Hire Compensation: $25-$28/... ...actions or corrective actions including but not limited to SEMAP, Enterprise Income Verification (EIV), PIH Information Center (PIC), 50058...Contract workFor contractorsWork at officeLocal areaMonday to Friday
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Enterprise Risk Analyst. Be the first to apply!
- risk officer San Francisco, CA
- it risk analyst San Francisco, CA
- risk analyst San Francisco, CA
- senior quantitative risk analyst San Francisco, CA
- risk consultant San Francisco, CA
- operational risk specialist San Francisco, CA
- operational risk consultant San Francisco, CA
- third party risk analyst San Francisco, CA
- technology risk San Francisco, CA
- risk underwriter San Francisco, CA

