Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Enterprise Risk Analyst

$132k - $178k

True Anomaly

Enterprise Risk Analyst

Denver, CO or Long Beach, CA or Washington, DC or SF Bay Area

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

Our Values

  • Be the offset. We create asymmetric advantages with creativity and ingenuity.
  • What would it take? We challenge assumptions to deliver ambitious results.
  • It's the people. Our team is our competitive advantage and we are better together.

Your Mission

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.

Responsibilities

Enterprise Risk Management

  • Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
  • Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
  • Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
  • Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
  • Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
  • Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
  • Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
  • Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
  • Coordinate and track internal audit schedules, findings, and corrective action plans across business units.

Third-Party Vendor Risk Management

  • Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
  • Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
  • Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
  • Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
  • Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
  • Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.

Cross-Functional Collaboration

  • Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
  • Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
  • Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
  • Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.

Qualifications

  • 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
  • Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
  • Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
  • Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
  • Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
  • Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
  • Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
  • Active or ability to obtain SECRET , TS/SCI security clearance .
  • Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).

Preferred Qualifications

  • Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
  • Industry certifications such as:
    • Certified in Risk and Information Systems Control (CRISC)
    • Certified Information Systems Auditor (CISA)
    • Open FAIR Certification (The Open Group)
    • CompTIA Security+ or equivalent
    • Certified ScrumMaster (CSM) or similar Agile certification
    • Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
    • Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
    • Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
    • Familiarity with Agile/Scrum and hybrid project delivery models.

Compensation

  • Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.

Additional Requirements

  • Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
  • Work Environment: Standard office setting, working at a desk or in a production factory environment
  • Physical Demands: May include frequent
Vacancy posted 5 days ago
Similar jobs that could be interesting for youBased on the Enterprise Risk Analyst in San Francisco, CA vacancy
  • $150k - $180k

     ...knowledge layer that agents, applications, and enterprises rely on to retrieve real‑time, accurate,...  .... The Role We're looking for a GRC Analyst to join our growing Security, IT, and...  ...The right person translates security and risk into terms that the business and product... 
    Suggested
    Full time
    Immediate start
    Remote work
    Work from home
    Flexible hours

    Y.O.U.

    San Francisco, CA
    1 day ago
  • $135k - $165k

     ...scale, we are looking for a highly motivated Governance, Risk & Compliance (GRC) Analyst to support and mature Ivo's security compliance and risk...  ...vendor and third-party risk assessments. Support enterprise risk management and risk register maintenance. Maintain... 
    Suggested
    Contract work
    Flexible hours

    IVO Inc

    San Francisco, CA
    2 days ago
  •  ...Job Overview As a Analyst, Enterprise Service Desk, you will play a crucial role in resolving technical issues for our Hedge Fund and Private Equity clients. As the first point of contact, you will respond to client issues, collaborate internally and externally to resolve... 
    Suggested
    Work at office
    Remote work

    Dormont Manufacturing Company

    San Francisco, CA
    3 days ago
  •  ...Risk Management Analyst Integrated Resources, Inc is a premier staffing firm recognized as one of the tri-states most well-respected professional specialty firms. IRI has built its reputation on excellent service and integrity since its inception in 1996. Our mission... 
    Suggested

    Careers Integrated Resources Inc

    San Francisco, CA
    1 day ago
  • Job43 - EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed Start Date: ASAP Proposed End Date...  ...for performance measurement and reporting. Coordinate enterprise-level security and risk management efforts. Act as a subject... 
    Suggested
    Remote job
    Immediate start
    Flexible hours

    DELTASOFT SOLUTIONS

    San Francisco, CA
    2 days ago
  • $90k - $125k

     ...deliver innovative and ethical solutions that help businesses achieve their ambitions faster. Adyen is looking for a hands‑on CDD Risk Analyst with experience in the payments and/or finance industry to contribute to the growth and scaling of our customer base in North... 
    Work at office
    Local area

    Adyen

    San Francisco, CA
    1 day ago
  • $125k - $200k

     ...compliant. You will connect governance, risk management, and compliance to protect our...  ...Compliance & Audits: Act as a Customer Trust Analyst to address security-related inquiries....  ...to demonstrate compliance to auditors and enterprise customers. Assess Risk: Identify,... 
    Flexible hours

    Simile

    San Francisco, CA
    1 day ago
  • $84k - $105k

     ...decisioning logic from both internally and externally developed fraud risk models and applications with the associated outcomes as it...  ...decisions without direct authority. Experience supporting enterprise fraud programs or large‑scale fraud platforms. The above job description... 
    Work at office
    Visa sponsorship
    Work visa

    Early Warning Services LLC

    San Francisco, CA
    2 days ago
  • $90k - $125k

    Adyen is looking for a CDD Risk Analyst in San Francisco to manage Know-Your-Customer (KYC) and Customer Due Diligence (CDD) processes. The ideal candidate has over 4 years of experience in the payments or finance industry and strong analytical skills. The role includes... 

    Jobr

    San Francisco, CA
    2 days ago
  • Common Sense Media is seeking a Risk Assessment Analyst to evaluate AI tools used by children and educators. The role involves designing assessment plans, conducting data analysis, and preparing reports to ensure youth safety in AI applications. Ideal candidates will have... 

    Common Sense Media

    San Francisco, CA
    1 day ago
  • $29 per hour

     ...injections, and misuse cases. Generate high-quality human data by annotating failures, classifying vulnerabilities, and flagging systemic risks. Apply structure using taxonomies, benchmarks, and playbooks to ensure consistent testing. Document reproducibly by producing... 
    Hourly pay
    Weekly pay
    Full time
    Contract work
    Part time
    For contractors
    Summer work
    Remote work

    Mercor Inc

    San Francisco, CA
    4 days ago
  • The Consulting Solutions is seeking an Agentic Risk Analyst to shape the operating picture for current agentic risk across various platforms. You will build a comprehensive portfolio of material agentic risks, analyze emerging threats, and produce actionable assessments... 

    The Consulting Solutions

    San Francisco, CA
    4 days ago
  • $198k - $320k

     ...team seeks to rapidly identify and mitigate abuse and strategic risks to ensure a safe online ecosystem. We are dedicated to identifying...  ...product decision-makers. About The Role As a Strategic Risk Analyst, you will help develop and maintain our central view of strategic... 
    Shift work

    SupportFinity™

    San Francisco, CA
    2 days ago
  • $31.95 - $44 per hour

     ...ensure a world-class customer experience. Responsibilities include verifying businesses using various data sources and implementing risk management policies. This position offers a salary range of $31.95 to $44.00 per hour, with hybrid work flexibility. #J-18808-Ljbffr... 
    Hourly pay

    Dormont Manufacturing Co

    San Francisco, CA
    4 days ago
  • $90k - $110k

    Risk Assessment Analyst (Youth AI Safety Institute)Common Sense Media is the leading nonprofit organization dedicated to improving the lives of kids and families by providing the research-backed information, education, and independent voice they need to thrive in the age... 
    Full time
    For contractors
    Local area
    Worldwide

    Common Sense Media

    San Francisco, CA
    1 day ago
  •  ...Investigations team rapidly identifies and mitigates abuse and strategic risks to ensure a safe online ecosystem. The Strategic Intelligence &...  ...risks, and strategic threats. About the Role As an Agentic Risk Analyst, you will shape OpenAI’s operating picture for current agentic... 
    Shift work

    The Consulting Solutions

    San Francisco, CA
    4 days ago
  •  ...issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks. Validate evidence...  ...Inc. J-18808-Ljbffr Create a job alert for this search Senior Risk Analyst • San Francisco, CA, US #J-18808-Ljbffr Direct Staffing Inc
    Remote work
    Flexible hours

    Direct Staffing Inc

    San Francisco, CA
    2 days ago
  • $90k - $125k

    Adyen is seeking a hands-on CDD Risk Analyst in San Francisco, responsible for executing KYC and CDD procedures, while ensuring compliance with regulations. Ideal candidates have over 4 years of relevant experience, a strong analytical mindset, and a great sense of responsibility... 
    Work at office

    Adyen

    San Francisco, CA
    1 day ago
  • OpenAI seeks a Strategic Risk Analyst to synthesize abuse signals, external intelligence, and product indicators into decision-ready risk insights. You will partner with investigators, engineers, policy, and trust/safety teams to translate messy signals into ranked priorities... 

    SupportFinity™

    San Francisco, CA
    2 days ago
  • Talent Acquisition LLC seeks a Conflicts Analyst in San Francisco to support new business intake and risk management. This role is critical in conducting conflicts research and client due diligence, ensuring ethical compliance and identifying potential risks. The ideal... 

    Talent Acquisition Inc

    San Francisco, CA
    4 days ago
  • $90k - $120k

    Benchling in San Francisco is looking for a Senior Product Support Analyst to enhance customer experience. The role involves supporting enterprise clients, leading complex escalations, and coordinating cross-functional teams. Candidates should have 5+ years of experience... 
    3 days per week

    Benchling

    San Francisco, CA
    2 days ago
  • $161.6k - $202k

     ...You'll join the Security team and work across four pillars: security certifications (HITRUST, SOC 2, PCI-DSS, HIPAA), third-party risk management, security awareness training, and technical risk management. You won't be maintaining a stale compliance program — you'll... 
    Work from home
    Flexible hours

    Headway - Design & Development

    San Francisco, CA
    2 days ago
  • You.com is looking for a GRC Analyst to join our Security, IT, and Privacy function in San Francisco. This role will be crucial in building...  ...compliance work across various frameworks and conducting vendor risk assessments. The ideal candidate has 3-5 years of experience in... 

    You.com

    San Francisco, CA
    2 days ago
  • $121.6k - $220.6k

     ...Millions of companies—from the world's largest enterprises to the most ambitious startups—use...  ...Stripe by managing the end-to-end risk of our largest and most complex users. We...  ...and partnership success. As a Credit Risk Analyst Commercial Underwriter on the North America... 
    Work at office
    Local area
    Remote work
    Work from home
    Relocation

    Stripe

    San Francisco, CA
    3 days ago
  • BlackRock in San Francisco seeks an Equity Risk Manager to partner with Active Equity PMs and monitor investment risk on the Systematic Active Equity platform. You will understand exposures, discuss risk with portfolio managers, and provide risk oversight to keep risks... 

    SupportFinity™

    San Francisco, CA
    2 days ago
  • $60k - $85k

     ...globally in our San Francisco, Seattle, and Delhi offices. Please reach out if you are interested in joining the future of AI! Analyst, Enterprise Analytics We are looking for talented candidates to join our Hive Media team, a unit of the business focused on serving... 
    Work experience placement

    Hive

    San Francisco, CA
    more than 2 months ago
  • $130k - $160k

     ...Role Overview As a Security Risk and Compliance Analyst you will play a hands‑on role in maturing and operating the company’s compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection... 
    Internship
    Work at office
    Local area
    Work from home
    Worldwide

    United States Digital Space LLC

    San Francisco, CA
    3 days ago
  • The Judicial Council of California is looking for a Human Resources Analyst to perform data analysis and risk assessments related to workers’ compensation. This position involves collaborating with senior analysts, developing strategies to mitigate risks, and providing... 

    Judicial Council of California

    San Francisco, CA
    4 days ago
  • A pioneering AI software firm in San Francisco is seeking an analytical expert to lead AI analysis for global CIOs. You will research AI trends and create compelling content to equip business leaders for strategic decisions. Ideal candidates will have over 4 years of relevant...

    Cognition Corp

    San Francisco, CA
    4 days ago
  • $185k - $275k

     ...Safety and financial fraud investigations, and partnering cross functionally to address customer risk, compliance, and integrity at scale. About the Role As a Fraud & Risk Analyst, you will develop and operate fraud detection, investigation, and risk management systems... 
    Remote work

    OpenAI

    San Francisco, CA
    2 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Enterprise Risk Analyst. Be the first to apply!