Semperis · 1 day ago
Cyber Risk Analyst
Semperis is a rapidly growing cybersecurity company recognized for its workplace culture and innovation. They are seeking a detail-oriented Cyber Risk Analyst to safeguard organizational assets by identifying and assessing potential cyber risks associated with vendors and technology, while collaborating with cross-functional teams to recommend effective risk control strategies.
Responsibilities
Conduct technology risk assessments across new and existing applications
Review submitted risk exception requests, validate technical necessity, evaluate proposed compensating controls, and assign residual risk ratings (High, Medium, Low)
Ensure comprehensive, auditable documentation is maintained for all approved, denied, and conditionally approved exceptions, including mandatory review dates and resolution plans
Collect, process, and interpret multiple sources of data to model cyber risk scenarios, forecast potential outcomes, and evaluate cyber risk exposure. Translate technical findings into clear, measurable business risk statements for audiences in multiple disciplines, including leadership, customers, and technical delivery teams
Track risk plan milestones and drive issue management, initiating timely follow-ups with Business Owners to ensure our controls are adequate, compliance is assured, and overall risk goals are met
Develop mitigation strategies and recommend ways to reduce, transfer, or avoid identified cyber risks, such as implementing new policies, controls, or processes. Collaborate with other teams to define and prioritize remediation efforts based on risk severity and business impact
Improve and automate the risk management process, working with the security and risk leadership teams
Perform security assessments of new and existing third-party vendors and service providers, reviewing security attestations (e.g., SOC 2, ISO 27001) and security questionnaires
Assess incoming compliance artifacts provided by third parties and research external sources to develop comprehensive risk assessments including risk scoring metrics
Document and communicate inherent and residual risks associated with vendor reliance and data handling practices. Prepare detailed reports, summaries, and presentations for management and stakeholders to communicate findings, recommendations, and trends
Utilize and manage the corporate GRC platform and risk management tools to streamline risk workflows, automate control monitoring, and improve reporting efficiency
Identify opportunities to automate manual GRC tasks, specifically integrating risk tracking and control evidence gathering into GRC tools
Respond to customer, partner, or compliance questionnaires related to product security. This will involve liaising with product teams and other knowledge sources to maintain a knowledge library, using a combination of AI, manual, and automated processes to prepare SQ responses according to SLA expectations
Support the Risk & InfoSec team in reviewing, updating, and aligning IT Security Policies, Standards, and Procedures with regulatory requirements and industry best practices
Assist in gathering evidence and documentation required for internal and external security audits and compliance reviews
Stay updated with industry trends, regulatory changes, and compliance standards to ensure the organization adheres to all legal and regulatory requirements
Qualification
Required
5+ years of relevant experience in Information Security, IT Risk Management, IT Audit, or GRC, with a heavy focus on technology risk
Deep working knowledge of key GRC concepts, risk assessment methodologies, and industry frameworks (e.g., NIST SP 800-53/CSF, ISO 27001)
Proven, hands-on experience using and configuring modern GRC platforms for risk management, policy management, and compliance automation
Experience in configuring and using tools such as Archer, ServiceNow, MetricStream or Vanta preferred
Experience with IT and Security tools, SaaS / other Cloud technologies and/or software development
Understanding of security controls and cross-discipline cybersecurity concepts (endpoint, network, data, identity, access management, privacy, accessibility, etc.)
Clear understanding of foundational Information Protection concepts is required
Exceptional ability to analyze complex technical vulnerabilities and control failures/gaps, translating them into measurable business risk
Detailed quantitative assessment skills to support findings & recommendations
Excellent written and verbal communication skills, including the ability to communicate technical risk concepts effectively to both technical and executive audiences
CRISC, CISM, CISA, or similar recognized security and risk management certifications
Bachelor's degree in Computer Science, Information Security, or a related field
Company
Semperis
Semperis is a developer of enterprise identity protection and cyber resilience for cross-cloud and hybrid environments.
Funding
Current Stage: Late Stage
Total Funding: $498.3M
Key Investors: Kohlberg Kravis Roberts, Insight Partners, Maverick Ventures Israel
2024-06-20 Series C · $125M
2024-06-20 Debt Financing · $125M
2022-05-24 Series C · $208.3M
Company data provided by crunchbase