OneZero Solutions · 3 weeks ago
Business and Security Risk Analyst
OneZero Solutions is a fast-growing company that empowers banks, brokerages, and hedge funds with cutting-edge trade routing and execution technology. They are seeking a motivated Business and Security Risk Analyst to support their Enterprise Risk Management, information security, and regulatory risk programs by identifying, assessing, monitoring, and reporting risks that could impact the organization’s operations and compliance.
Cyber Security, Enterprise, Risk Management
Responsibilities
Support the day-to-day operation of oneZero’s Enterprise Risk Management (ERM) program, including risk identification, assessment, scoring, and documentation
Maintain and update the enterprise risk register, ensuring risks are clearly articulated, owned, and mapped to mitigating controls
Assist in conducting business impact and risk assessments for new products, services, technologies, and strategic initiatives
Track risk treatment plans, remediation activities, and risk acceptance decisions, and report status to management and governance committees
Perform security risk assessments related to applications, infrastructure, cloud services, and third-party integrations supporting oneZero’s trading platform
Assist in evaluating security risks associated with system changes, architecture decisions, and software development activities
Contribute to ongoing monitoring of cybersecurity risks and emerging threats relevant to financial services and trading platforms
Support vendor risk assessments, including security, privacy, business continuity, and financial risk reviews
Track third-party risk findings, remediation plans, and contractually required controls
Assist with due diligence responses to client and regulatory third-party risk inquiries
Support internal and external audits, client assessments, and regulatory examinations by collecting evidence, responding to inquiries, and tracking action items
Assist in maintaining alignment with relevant frameworks and standards (e.g., ISO 27001, SOC 2, NIST, FFIEC, regulatory client requirements)
Help prepare risk and security metrics, dashboards, and summaries for leadership, clients, and governance forums
Develop and maintain key risk indicators (KRIs), key performance indicators (KPIs), and management reports related to business and security risk
Support preparation of materials for risk committees, management reviews, and executive reporting
Ensure risk documentation, policies, and procedures remain current and consistent with organizational practices
Work closely with engineering, IT, security, legal, compliance, product, and operations teams to embed risk management into business processes
Act as a liaison between technical teams and non-technical stakeholders, translating risk findings into clear, actionable insights
Qualification
Required
Mid-level experience in risk management, information security, or a related field
Experience with Enterprise Risk Management (ERM) programs
Ability to conduct risk identification, assessment, scoring, and documentation
Experience maintaining and updating risk registers
Ability to conduct business impact and risk assessments for new products, services, technologies, and strategic initiatives
Experience tracking risk treatment plans, remediation activities, and risk acceptance decisions
Experience performing security risk assessments related to applications, infrastructure, cloud services, and third-party integrations
Ability to evaluate security risks associated with system changes, architecture decisions, and software development activities
Experience monitoring cybersecurity risks and emerging threats relevant to financial services and trading platforms
Experience supporting vendor risk assessments, including security, privacy, business continuity, and financial risk reviews
Ability to track third-party risk findings, remediation plans, and contractually required controls
Experience supporting internal and external audits, client assessments, and regulatory examinations
Ability to maintain alignment with relevant frameworks and standards (e.g., ISO 27001, SOC 2, NIST, FFIEC)
Experience preparing risk and security metrics, dashboards, and summaries for leadership, clients, and governance forums
Ability to develop and maintain key risk indicators (KRIs) and key performance indicators (KPIs)
Experience preparing materials for risk committees, management reviews, and executive reporting
Ability to ensure risk documentation, policies, and procedures remain current and consistent with organizational practices
Experience collaborating with cross-functional teams including engineering, IT, security, legal, compliance, product, and operations
Company
OneZero Solutions
OneZero Solutions specializes in cyber operations, enterprise services, virtual CISO, cyber risk management, and CMMC-pro.
Funding
Current Stage
Growth Stage
Recent News
Washington Technology
2025-08-30
2024-10-26
Company data provided by Crunchbase