Senior Security Risk Analyst



Multiple locations
Posted on Thursday, June 20, 2024

The Opportunity

Our GRC team within Information Security is crucial in supporting our mission. We ensure we meet our duty of care to our customers, employees, and partners by creating effective governance for upholding internal security policies, distributing foundational security expertise across every department to create a strong security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role engages regularly with other cross-functional teams such as Legal, IT, HR, Sales, Finance, and other executive teams.

We're looking for a Senior Security Risk Analyst to help advance our security risk and third-party risk programs, helping us operationalize our risk management program alongside our third-party risk program by implementing and managing companywide risk assessments, managing the risk register, and operationalizing a risk methodology that works across the enterprise. Security and third-party risk are cross-cutting focus areas that impact all parts of the business, and this analyst will be responsible for not only maintaining and fleshing out the existing program but also seeking out areas in which the program should advance and mature. As Tricentis continues to grow, there are great opportunities for career growth.

Your profile

Are you looking for a new opportunity to grow your career in information security, while being hands-on, applying your compliance & governance skills to our rapidly maturing company-wide security governance programs? Do you want to have a direct impact on Tricentis’ risk management program?

If you've been answering “yes” to these questions, then you might be the person we're looking for! Keep reading below to learn more about this unique opportunity to drive impact on a security team at a security company.

What You’ll Do:

  • Guide and advise other teams on the responsibilities of implementing Tricentis’ security controls, policies, and processes across our products and corporate environments
  • Build positive relationships with partner teams in Marketing, Legal, Sales, Customer Success, HR, and other teams to continuously improve our internal security culture and external awareness of Tricentis’ security program
  • Help create metrics to demonstrate the efficiency and effectiveness of our Security risk program and to inform continuous program improvements
  • Evolve our risk management practices to be more transparent, highly efficient, easy for stakeholders to engage with, and centered around objective evidence and data
  • Build data pipelines and metrics (KPIs, KRIs, KCIs) that provide real-time insight into our risk posture
  • Develop, streamline, automate, and integrate security review processes (threat modeling, secure design reviews, etc.) and risk management processes (identification, assessment, analysis, reporting)
  • Empower technical teams to efficiently self-serve security review processes, such as threat modeling
  • Identify and assess risk scenarios using qualitative and quantitative methods
  • Co-create risk mitigation and remediation plans with InfoSec and partner team subject matter experts

What You’ll Bring

  • Senior-level experience typically gained in 6-8 years working in Security Risk and Third Party Risk
  • Experience with risk assessments and advisory functions
  • Experience with risk rating methodologies
  • Experience recommending mitigating controls and driving risk remediation
  • Experience reporting on risks and program operations to management
  • Expert knowledge of security risk management practices (including third-party risk)
  • Ability to operate various security risk management processes & tooling
  • Solid understanding of security risk and control frameworks such as ISO 27001
  • Solid understanding of cloud security architectures, technologies, and security controls

What is nice to have:

  • Management experience, specifically building and running risk and third-party risk programs for technology companies
  • Bachelor’s degree in Business, Computer Science, or a related field
  • ISO27001 (supporting certification efforts)
  • NIST SP 800-53, NIST SP 800-30
  • SOC2 (supporting certification efforts)
  • Secure Controls Framework (mapping and execution)
  • Information security certification or risk management certifications preferred (CISA, CISM, CRISC, CISSP)
  • Experience building metrics using business intelligence, data analytics, or dashboarding tools (PowerBI)
  • Experience using and administering various audit and GRC-focused technology platforms
  • Experience leading enterprise risk management functions

You can look forward to:

  • Flexible working schedule (no core hours)
  • Learning and career growth opportunities
  • 25 days of paid time off
  • 3 Sick Days
  • 4 days of paid Volunteering Leave per year to get involved in your local community or in a cause that matters to you
  • Hybrid work environment, with home-office allowance
  • Meal allowance
  • Pension Contribution
  • Life & Disability Insurance
  • Paid Sickness leave
  • A team of passionate professionals who are experts in their fields
  • Events for employees to learn, celebrate and socialize (training sessions, hackathons, parties, sports events, board game gatherings, BBQs) and much more

Tricentis Core Values:

Knowing what we need to achieve and how to achieve it is important. Tricentis core values define our ways of working and the behaviors we model that create an enjoyable and successful Tricentis life.

  • Demonstrate Self-Awareness: Own your strengths and limitations.
  • Finish What We Start: Do what we say we are going to do.
  • Move Fast: Create momentum and efficiency.
  • Run Towards Change: Challenge the status quo.
  • Serve Our Customers & Communities: Create a positive experience with each interaction.
  • Solve Problems Together: We win or lose as one team.
  • Think Big & Believe: Set extraordinary goals and believe you can achieve them.

About Tricentis:

Tricentis is a software company officially founded in 2007, with a primary focus on software quality assurance. Whether exploratory or automated, functional or performance, API or UI, on mainframes, custom applications, packaged applications, or cloud-native applications - our comprehensive suite of specialized Continuous Testing tools makes DevOps real by giving our clients the confidence to release on demand.

Tricentis has more than 1500 employees working across over 20 global offices in the US, EMEA, and APAC, serving over 2100 customers, and is currently expanding its R&D centers to two new locations in the Czech Republic (Prague and Brno) with a hybrid office environment.