Enterprise Risk Analyst
$132k - $178kTrue Anomaly
Enterprise Risk Analyst
Denver, CO or Long Beach, CA or Washington, DC or SF Bay Area
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
Our Values
- Be the offset. We create asymmetric advantages with creativity and ingenuity.
- What would it take? We challenge assumptions to deliver ambitious results.
- It's the people. Our team is our competitive advantage and we are better together.
Your Mission
We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.
This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.
Responsibilities
Enterprise Risk Management
- Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
- Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
- Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
- Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
- Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
- Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
- Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
- Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
- Coordinate and track internal audit schedules, findings, and corrective action plans across business units.
Third-Party Vendor Risk Management
- Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
- Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
- Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
- Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
- Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
- Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.
Cross-Functional Collaboration
- Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
- Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
- Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
- Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.
Qualifications
- 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
- Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
- Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
- Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
- Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
- Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
- Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
- Active or ability to obtain SECRET , TS/SCI security clearance .
- Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).
Preferred Qualifications
- Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
- Industry certifications such as:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Open FAIR Certification (The Open Group)
- CompTIA Security+ or equivalent
- Certified ScrumMaster (CSM) or similar Agile certification
- Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
- Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
- Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
- Familiarity with Agile/Scrum and hybrid project delivery models.
Compensation
- Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
- Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Additional Requirements
- Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
- Work Environment: Standard office setting, working at a desk or in a production factory environment
- Physical Demands: May include frequent
- ...Enterprise Risk Management Analyst We are seeking an Enterprise Risk Management Analyst to support the Department of State IT Governance Support Services Bureau of Consular Affairs. This position supports the decision-making framework for addressing several enterprise...SuggestedWork at office
- ...Risk & Controls Analyst ProSidian is a Management and Operations Consulting Services firm that focuses on providing value to clients through... ...solutions based on industry-leading practices. ProSidian provides enterprise services/solutions for Risk Management | Compliance |...SuggestedFull timeContract workH1bWork at office
$120.8k - $137.9k
...Principal Risk Specialist | Enterprise Payments Do you like working in the spotlight? Are you ready to work on the front line of a top 10 Bank? Can you build relationships as well as develop and implement innovative solutions? As a Principal Risk Specialist...SuggestedFull timePart timeWork at officeLocal area- ...make a lasting impact on the world! Position Overview: The Risk Management Analyst supports the identification, assessment, and communication... ...tools (e.g., Active Risk Manager, Risktrak, or similar enterprise risk platforms). Benefits: Health, Dental, and Vision Plans...SuggestedTemporary workWork at officeLocal area
$80k - $128k
...Risk And Vulnerability Analyst Peraton is currently seeking a Risk and Vulnerability Analyst. Location: Chandler, AZ or Washington DC.... ...and prioritizing vulnerabilities and security risks across enterprise, cloud, and application environments. This role ensures continuous...SuggestedContract workShift work$62k - $141k
...evolving nature of these threats can make understanding them seem overwhelming to the global enterprise. In all of this “cyber noise,” how can these organizations understand their risks and how to mitigate them? The answer is you. We need your knowledge as an information...Full timeContract workPart timeWork at officeLocal areaRemote work$62k - $141k
...Job Number: R0242703 Cybersecurity Risk Analyst The Opportunity Cyber threats are everywhere, and the constantly evolving nature of these... ...can make understanding them seem overwhelming to the global enterprise. In all of this "cyber noise," how can these organizations...Contract workLocal area- ...Must be a U.S. Citizen without dual citizenship. This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for monitoring and reporting...Minimum wageFull timeContract workTemporary workWork experience placementRemote work
$67.3k - $94.2k
...Risk & Controls Analyst CGI is seeking a Risk Analyst to support the documentation, assessment, and testing of infrastructure and cloud technology controls within a financial services environment. This role will help create standardized control test plans, document...- ...Job Title: Risk Management Analyst Job ID: 86542 Location: Landover, Maryland Overview: We are seeking aRisk Management Analysts who will play a pivotal role in supporting our federal partner's cybersecurity and compliance efforts. What you will be doing:...
- ...Risk Management Analyst Strategic Insight, Ltd. is seeking a Risk Management Analyst to support our US Navy client. The job is on-site at the Navy Yard, supporting the Cruiser / Destroyer group in DPAE Modernization and Sustainment office and working directly with the...Contract workFor contractorsWork experience placementInterim roleWork at office
- ...We are seeking an experienced predictive risk modeler to perform risk assessment on FHA multifamily housing portfolio. To perform in this role, the potential candidate will need skills in econometrics, statistical analysis, and modelling. The Main Responsibilities Include...
$99k - $225k
...Enterprise Cybersecurity Vulnerability Risk Analyst Cyber threats are everywhere, and vulnerabilities can create risk quickly when findings are not reviewed, prioritized, tracked, and resolved through clear ownership. In all of this cyber noise, how can organizations...Full timeContract workPart timeWork at officeLocal areaRemote work- ...Provides direct support to the Director Security Governance, Risk and Compliance and security shared service team by assuring information... ...with GRC systems/modules. ~ Experience in working across enterprises with various teams beyond security (infrastructure/IT, privacy,...
- ...The Governance, Risk, and Compliance (GRC) Analyst supporting federal and customer programs is responsible for evaluating, documenting, and operationalizing... ...terms. Familiarity with GRC platforms (e.g., enterprise risk or compliance tools). Relevant certifications (e...Contract work
$86.8k - $198k
...Risk Management Analyst, Lead The Opportunity: Manage the application of analytical risk management principles that enable organizations to achieve mission assurance by preparing for, preventing, mitigating, responding to and recovering from emergencies. Apply...Full timeContract workPart timeWork at officeLocal areaRemote work- ...Cyber And It Security Risk Analyst Location: Bethesda, MD Contract: 12 Months Position Summary We are seeking a Cyber and Information Security Risk Analyst to join our growing professional services team. As a Cyber and IT Security Risk Analyst, you will assist...Contract workFor contractors
- ...due to a disability, contact this employer to ask for an accommodation or an alternative application process. Third Party Risk Management Analyst Full Time Alexandria, VA, US 4 days ago Requisition ID: 2244 CLASSIFICATION: Non-exempt REPORTS TO: Program Manager, Third...Full timeContract workWork at officeLocal areaRemote work
- ...Risk Analyst The Risk Analyst is responsible for providing guidance on tools to measure and manage risk, identify/mitigate threats, and protect against unauthorized disclosure of confidential information. Risk Analysts duties include assessing the adequacy of security...Work experience placement
$90k - $115k
...Job Summary IT Risk and Compliance Analyst position is a highly visible, client‑facing role that works closely with Legal and Business Unit stakeholders and reports to the IT Risk and Compliance Manager. This role is responsible for evaluating, assessing, and monitoring...Work experience placementLocal area$80k - $100k
Job Description Kearney & Company is seeking a skilled and vigilant Cybersecurity Risk Analyst to join our dynamic team. The Cybersecurity Risk Analyst is responsible for identifying, assessing, and monitoring risks across the organization. This role helps strengthen...Local areaFlexible hours- ...Compliance & Risk Specialist ProSidian Seeks a Compliance & Risk Specialist | Human Capital Programmatic Evaluation & Compliance... ...Specialist [Business Analytics Support: HR Technology Ecosystem, And Enterprise-Wide Decision-Making Capabilities Enhancement] in the...Full timeContract workH1bWork at office
- ...Governance, Risk, & Compliance (GRC) Analyst Washington, DC Remote Full-Time About This Role As a GRC Analyst, you will help organizations navigate the complex landscape of cybersecurity compliance and risk management. You will work directly with clients to assess their...Full timeRemote work
- ...Arlington, VA. Description We are seeking a Junior Cyber Risk Data Engineer/Analyst . This role focuses on the data side of cyber risk management... ...reflects risk findings, mitigation considerations, and enterprise impacts. Support the development of data visualization products...InternshipShift work
- ...upon contract award *** Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment and risk analysis... ...efforts, maintaining scan operations, and helping improve enterprise visibility into security weaknesses and cyber risk....Contract workWork at officeWorldwideMonday to FridayWeekend workAfternoon shift
- ...grounded in industry-leading practices. ProSidian provides enterprise services/solutions for Risk Management, Compliance, Business Process, IT... ...Description ProSidian Seeks a Energy Infrastructure Risk Analyst | Project Finance & Credit Evaluation Support [DOE00630...Full timeContract workFor contractorsWork at officeRemote work
- ...speed, ownership, and execution over bureaucracy. Title: Risk and Vulnerability Analyst II Location: Washington, DC or Chandler, AZ Terms:... ...identification pipeline across a large-scale federal enterprise. You run ad hoc and automated scans across operating systems...Full timeWork experience placementFlexible hours
$177.7k - $202.8k
...Senior Manager, Risk Management - Policy Analyst Capital One is one of the fastest growing organizations in the world today, powered by our passion... ...dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just...Full timePart timeLocal area- JOB SUMMARY The Senior Analyst position supports the Insurance team and Risk Management department by transforming large, complex data sets into meaningful... ..., models and recurring reports to support enterprise-wide risk monitoring, insurance program analysis, and...Full timeWork at officeRemote workFlexible hours
$111.2k - $126.9k
...Senior Data Analyst - Enterprise Services At Capital One, data is at the center of everything we do. When we launched as a startup we disrupted the credit card industry by individually personalizing every credit card offer using statistical modeling and the relational...Full timePart timeLocal area
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Enterprise Risk Analyst. Be the first to apply!
- risk officer Washington DC
- it risk analyst Washington DC
- risk analyst Washington DC
- senior quantitative risk analyst Washington DC
- risk consultant Washington DC
- operational risk specialist Washington DC
- transaction risk analyst Washington DC
- operational risk consultant Washington DC
- technology risk Washington DC
- risk underwriter Washington DC


