Apply on Employer Site

oneZero Financial Systems · 3 weeks ago

Business and Security Risk Analyst

Somerville, MA

Full-time

Onsite

Mid Level

$85K/yr - $105K/yr

oneZero Financial Systems is a fast-growing company that empowers financial institutions with advanced trade routing and execution technology. The Business and Security Risk Analyst plays a critical role in supporting the company's Enterprise Risk Management and information security programs by identifying, assessing, and reporting risks to inform leadership decisions.

AnalyticsFinancial Services

Growth Opportunities

H1B Sponsor Likely

Responsibilities

Support the day-to-day operation of oneZero’s Enterprise Risk Management (ERM) program, including risk identification, assessment, scoring, and documentation

Maintain and update the enterprise risk register, ensuring risks are clearly articulated, owned, and mapped to mitigating controls

Assist in conducting business impact and risk assessments for new products, services, technologies, and strategic initiatives

Track risk treatment plans, remediation activities, and risk acceptance decisions, and report status to management and governance committees

Perform security risk assessments related to applications, infrastructure, cloud services, and third-party integrations supporting oneZero’s trading platform

Assist in evaluating security risks associated with system changes, architecture decisions, and software development activities

Contribute to ongoing monitoring of cybersecurity risks and emerging threats relevant to financial services and trading platforms

Support vendor risk assessments, including security, privacy, business continuity, and financial risk reviews

Track third-party risk findings, remediation plans, and contractually required controls

Assist with due diligence responses to client and regulatory third-party risk inquiries

Support internal and external audits, client assessments, and regulatory examinations by collecting evidence, responding to inquiries, and tracking action items

Assist in maintaining alignment with relevant frameworks and standards (e.g., ISO 27001, SOC 2, NIST, FFIEC, regulatory client requirements)

Help prepare risk and security metrics, dashboards, and summaries for leadership, clients, and governance forums

Develop and maintain key risk indicators (KRIs), key performance indicators (KPIs), and management reports related to business and security risk

Support preparation of materials for risk committees, management reviews, and executive reporting

Ensure risk documentation, policies, and procedures remain current and consistent with organizational practices

Work closely with engineering, IT, security, legal, compliance, product, and operations teams to embed risk management into business processes

Act as a liaison between technical teams and non-technical stakeholders, translating risk findings into clear, actionable insights

Qualification

Enterprise Risk ManagementInformation SecurityRisk AssessmentCompliance StandardsVendor Risk ManagementRisk Metrics ReportingCross-Functional Collaboration

Required

Support the day-to-day operation of oneZero's Enterprise Risk Management (ERM) program, including risk identification, assessment, scoring, and documentation

Maintain and update the enterprise risk register, ensuring risks are clearly articulated, owned, and mapped to mitigating controls

Assist in conducting business impact and risk assessments for new products, services, technologies, and strategic initiatives

Track risk treatment plans, remediation activities, and risk acceptance decisions, and report status to management and governance committees

Perform security risk assessments related to applications, infrastructure, cloud services, and third-party integrations supporting oneZero's trading platform