Information Security Risk Analyst

🕒 March 31

🇺🇸 United States – Remote

💵 $80.2k - $117.1k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

CivicPlus

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 2001

📋 Compliance

🏛️ Government

☁️ SaaS

Compliance • Government • SaaS

CivicPlus is a leading provider of technology solutions for local governments, aimed at transforming the way municipalities operate and engage with their residents. With over 25 years of experience, CivicPlus offers a broad range of software solutions designed to automate processes, digitize services, and enhance civic experiences, all while ensuring compliance and accessibility. Their offerings include municipal websites, mass notification systems, social media archiving, 311 CRM system, and agenda and meeting management, among others. CivicPlus focuses on delivering a modern government experience, providing flexible, scalable, and customizable solutions to meet the complex needs of public sector operations. Their technology is trusted by over 10,000 local governments and is designed to improve communication, streamline workflows, and increase civic participation and satisfaction.

📋 Description

• Identify and translate inherent and residual risk through likelihood, impact, treatment plans, and ownership. • Define and track risk and awareness key metrics to measure program effectiveness and communicate to leadership and governance committees. • Conduct and manage enterprise information security risk assessment through recognized frameworks (including NIST 800-30) and maintain an information security risk register. • Lead third-party security risk assessments for vendors, partners, and service providers through analysis of assurance documentation, security testing summaries, and security questionnaires. • Maintain the information security risk register and third-party vendor risk inventory to track and monitor ongoing risks and approved exceptions. • Develop and lead enterprise security awareness training, including phishing simulations and targeted role-based training for security education and reporting. • Support internal and external security and compliance assessments through risk evidence and documentation. • Partner closely with organizational functions and key stakeholders to understand and address organizational risks across systems and processes, and ensure security risks are understood, prioritized, and treated in alignment with organizational risk appetite.

🎯 Requirements

• 4 – 6 Years of experience in information security, cybersecurity, risk management, or related field • Working experience managing enterprise/third-party risk assessments, risk registers, and security training programs. • Working experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI, and/or SOC 2 • Certifications Security+, GSEC, or equivalent • Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Risk Management, or a related field (preferred)

🏖️ Benefits

• Comprehensive health insurance • Dental insurance • Vision insurance • Flexible Time Off • 401(k) plan • and more.