Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Enterprise Risk Analyst

$132k - $178k

True Anomaly

Enterprise Risk Analyst

Denver, CO or Long Beach, CA or Washington, DC or SF Bay Area

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

Our Values

  • Be the offset. We create asymmetric advantages with creativity and ingenuity.
  • What would it take? We challenge assumptions to deliver ambitious results.
  • It's the people. Our team is our competitive advantage and we are better together.

Your Mission

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.

Responsibilities

Enterprise Risk Management

  • Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
  • Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
  • Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
  • Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
  • Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
  • Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
  • Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
  • Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
  • Coordinate and track internal audit schedules, findings, and corrective action plans across business units.

Third-Party Vendor Risk Management

  • Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
  • Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
  • Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
  • Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
  • Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
  • Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.

Cross-Functional Collaboration

  • Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
  • Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
  • Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
  • Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.

Qualifications

  • 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
  • Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
  • Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
  • Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
  • Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
  • Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
  • Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
  • Active or ability to obtain SECRET , TS/SCI security clearance .
  • Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).

Preferred Qualifications

  • Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
  • Industry certifications such as:
    • Certified in Risk and Information Systems Control (CRISC)
    • Certified Information Systems Auditor (CISA)
    • Open FAIR Certification (The Open Group)
    • CompTIA Security+ or equivalent
    • Certified ScrumMaster (CSM) or similar Agile certification
    • Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
    • Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
    • Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
    • Familiarity with Agile/Scrum and hybrid project delivery models.

Compensation

  • Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
  • Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.

Additional Requirements

  • Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
  • Work Environment: Standard office setting, working at a desk or in a production factory environment
  • Physical Demands: May include frequent
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the Enterprise Risk Analyst in Washington DC vacancy
  •  ...Enterprise Risk Management Analyst We are seeking an Enterprise Risk Management Analyst to support the Department of State IT Governance Support Services Bureau of Consular Affairs. This position supports the decision-making framework for addressing several enterprise... 
    Suggested
    Work at office

    Ryde Technologies

    Washington DC
    3 days ago
  • Overview Join to apply for the Enterprise Risk Management Analyst Journeyman role at Spectrum Comm Inc Pentagon, Arlington, VA Spectrum is currently seeking a Management Analyst to support our customer site and support the Department of Navy’s Business Operations Service... 
    Suggested
    Full time

    Spectrum Comm Inc

    Arlington, VA
    1 day ago
  • $94.3k - $122.26k

    Lead Enterprise Fraud Risk Analyst - 90411601 - Washington Location: Washington, DC, US, 20001 Company: Amtrak Job Summary The Lead Enterprise Fraud Risk Analyst is responsible for executing advanced data analytics to identify, analyze, and mitigate internal and external... 
    Suggested
    Temporary work
    Work experience placement
    Relocation
    Flexible hours

    Amtrak

    Washington DC
    3 days ago
  •  ...Risk & Controls Analyst ProSidian is a Management and Operations Consulting Services firm that focuses on providing value to clients through...  ...solutions based on industry-leading practices. ProSidian provides enterprise services/solutions for Risk Management | Compliance |... 
    Suggested
    Full time
    Contract work
    H1b
    Work at office

    ProSidian Consulting

    Alexandria, VA
    1 day ago
  •  ...make a lasting impact on the world! Position Overview: The Risk Management Analyst supports the identification, assessment, and communication...  ...tools (e.g., Active Risk Manager, Risktrak, or similar enterprise risk platforms). Benefits: Health, Dental, and Vision Plans... 
    Suggested
    Temporary work
    Work at office
    Local area

    Ibility

    Washington DC
    2 days ago
  • $98k - $148k

    Freddie Mac seeks an experienced individual contributor in operational risk management to help manage non-financial risks effectively. You will be responsible for identifying risks, preparing assessments, and supporting oversight activities. Ideal candidates possess 5-... 

    Freddie Mac

    Mc Lean, VA
    3 days ago
  • Overview Junior Risk Analyst - Position Description. Join a team that’s shaping the future of Navy support. ICI Services—a 100% employee...  ...and deliver mission-focused solutions across the Navy enterprise. Our diverse team of acquisition experts, financial analysts,... 
    Temporary work
    For contractors
    Immediate start
    Flexible hours

    ICI Services Corporation

    Washington DC
    23 hours ago
  • $120.8k - $137.9k

    Principal Risk Associate, Enterprise Data Risk Management Do you want to be part of an organization that’s dedicated to helping Capital One manage data and, identify and effectively mitigate risk - for our customers, our communities and our associates? As part of Enterprise... 
    Full time
    Part time
    Local area

    Capital One Financial Corporation

    Mc Lean, VA
    23 hours ago
  • $62k - $141k

     ...Job Number: R0242703 Cybersecurity Risk Analyst The Opportunity Cyber threats are everywhere, and the constantly evolving nature of these...  ...can make understanding them seem overwhelming to the global enterprise. In all of this "cyber noise," how can these organizations... 
    Contract work
    Local area

    Phase2 Technology

    Alexandria, VA
    4 days ago
  • $62k - $141k

     ...evolving nature of these threats can make understanding them seem overwhelming to the global enterprise. In all of this “cyber noise,” how can these organizations understand their risks and how to mitigate them? The answer is you. We need your knowledge as an information... 
    Full time
    Contract work
    Part time
    Work at office
    Local area
    Remote work

    Booz Allen Hamilton

    Alexandria, VA
    1 day ago
  • Phase2 Technology is seeking a Cybersecurity Risk Analyst in Alexandria, Virginia, to help clients understand and mitigate their cyber risks. You'll work closely with enterprises to develop tailored risk management strategies and deliver actionable insights through presentations... 

    Phase2 Technology

    Alexandria, VA
    4 days ago
  • $80k - $128k

     ...Analysis Clearance: Secret Peraton is currently seeking a Risk and Vulnerability Analyst. Location: Chandler, AZ or Washington DC. The Risk and...  ...prioritizing vulnerabilities and security risks across enterprise, cloud, and application environments. This role ensures continuous... 
    Contract work
    Shift work

    Peraton

    Washington DC
    1 day ago
  • Role Overview Principal Associate, Data Analyst - Enterprise Risk at Capital One. As a Data Analyst you will leverage analytic and technical skills to innovate, build, and maintain well‑managed data solutions to tackle business problems across Innovation, Business Intelligence... 
    Local area

    Capital One

    Mc Lean, VA
    2 days ago
  • Senior Cybersecurity Supply Chain Risk Management (SCRM) Analyst Location: Washington, DC Schedule: Onsite, 5 days/week Position Type: Direct...  ...services, suppliers, and procurement activities across the enterprise. This is an excellent opportunity for a cybersecurity... 

    JCD Staffing

    Washington DC
    2 days ago
  • $185k - $237.5k

     ...Network for global money movement, and Arc, an enterprise-grade blockchain designed to become the...  ...and operation of Circle’s Product Risk Management function. The goal of this function...  ...Principal Product Operations and Risk Analyst 10+ years working in risk management for... 
    Flexible hours

    Circle

    Washington DC
    2 days ago
  •  .... Job Description The Senior Cybersecurity Supply Chain Risk Management (SCRM) Analyst supports the Agency's Office of the Chief Information Officer...  ...on information security to technology teams and enterprise projects. Contribute to the creation of security architecture... 
    For contractors
    Work at office

    Network Designs

    Washington DC
    2 days ago
  •  ...searching for a forward-thinking and self-motivated Supply Chain Risk Management (SCRM) Analyst to support one of our law enforcement customers in...  ...—Network Modernization, Hybrid Cloud, Cybersecurity, and Enterprise IT—empowering our clients with cutting-edge solutions... 
    Work experience placement
    Worldwide

    VetJobs

    Washington DC
    23 hours ago
  •  ...Must be a U.S. Citizen without dual citizenship. This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for monitoring and reporting... 
    Minimum wage
    Full time
    Contract work
    Temporary work
    Work experience placement
    Remote work

    Maximus

    Adelphi, MD
    1 day ago
  • $141k - $229k

    About This Role We're seeking a Principal Analyst inspired by the future of customer experience (CX) transformations and the executives...  ...leaders build and operate cutting‑edge CX programs and drive enterprise‑wide customer‑led innovation amid the rise of AI and... 
    Temporary work
    For contractors

    Phase2 Technology

    Washington DC
    3 days ago
  • $67.3k - $94.2k

     ...Risk & Controls Analyst CGI is seeking a Risk Analyst to support the documentation, assessment, and testing of infrastructure and cloud technology controls within a financial services environment. This role will help create standardized control test plans, document... 

    CGI

    Washington DC
    4 days ago
  •  ...Risk Management Analyst Strategic Insight, Ltd. is seeking a Risk Management Analyst to support our US Navy client. The job is on-site at the Navy Yard, supporting the Cruiser / Destroyer group in DPAE Modernization and Sustainment office and working directly with the... 
    Contract work
    For contractors
    Work experience placement
    Interim role
    Work at office

    Strategic Insight

    Washington DC
    1 day ago
  •  ...Job Title: Risk Management Analyst Job ID: 86542 Location: Landover, Maryland Overview: We are seeking aRisk Management Analysts who will play a pivotal role in supporting our federal partner's cybersecurity and compliance efforts. What you will be doing:... 

    TEEMA

    Hyattsville, MD
    23 hours ago
  •  ...Position Overview The Risk Analyst is an entry-level position designed for a recent college graduate or professional with 1 to 2 years of relevant insurance experience. The Analyst is the primary service contact for an assigned book of Property and Casualty business and... 
    Work at office

    Lockton

    Washington DC
    3 days ago
  • Industrial Security / Risk / Analyst SME IV - Hybrid Location: Washington D.C. Area BluePath Labs is a fast-growing research and consulting...  ...potential security risks that threaten the scientific enterprise; establishing best practices for programs; conducting outreach... 
    Work at office
    Local area
    Flexible hours

    BluePath Labs

    Washington DC
    4 days ago
  •  ...We are seeking an experienced predictive risk modeler to perform risk assessment on FHA multifamily housing portfolio. To perform in this role, the potential candidate will need skills in econometrics, statistical analysis, and modelling. The Main Responsibilities Include... 

    Aegis Corps

    Washington DC
    23 hours ago
  • Overview We are looking to fill a Senior Enterprise Data Analyst role for a Washington, DC client that supports federal data management and advanced analytics projects. The ideal candidate will be a Washington, DC resident who possesses an active BI or NACLC Public Trust... 
    Work experience placement
    Flexible hours

    MDAEdge

    Washington DC
    23 hours ago
  • Join to apply for the Senior Enterprise Data Analyst, F-35 JPO (Hybrid Telework) role at Serco 1 day ago Be among the first 25 applicants Join to...  ...Integrated Master Schedule [IMS]), and enterprise risk management. Assist DA&A in managing the PMO Integration Council... 
    Full time
    Contract work
    Work at office
    Local area
    Immediate start
    Remote work
    2 days per week
    3 days per week

    Serco

    Arlington, VA
    1 day ago
  • Blue Rose Consulting Group, Inc. is looking for Enterprise Operations Center (EOC) Analysts to monitor and manage enterprise IT environments. The role requires 3+ years of relevant experience and familiarity with various monitoring platforms. This position is contingent... 
    Contract work
    Shift work

    Blue Rose Consulting Group, Inc.

    Washington DC
    4 days ago
  • Bain & Company is looking for a professional to join our AMER Client Risk team in Washington, DC. This role focuses on leading risk assessments, managing client selection processes, and collaborating with senior leadership to ensure responsible growth. Candidates should... 

    Bain & Company

    Washington DC
    1 day ago
  • Burke & Herbert Bank is seeking a Third Party Risk Management Analyst in Alexandria, VA. This full-time role involves managing third-party risk activities and ensuring compliance with regulatory standards. Key responsibilities include coordinating vendor reviews, tracking... 
    Full time
    Work at office
    Remote work

    Burke & Herbert Bank

    Alexandria, VA
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Enterprise Risk Analyst. Be the first to apply!