Jobs · Finance · California

Enterprise Risk Analyst

True Anomaly · Long Beach, CA · 2 wk ago
On-siteFinance$115k–$155k/yrFull-time

Responsibilities

  • Support the design, execution, and continuous improvement of the enterprise risk management program.
  • Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies.
  • Document findings, threat profiles, and recommended mitigations.
  • Support the application of FAIR methodology to help quantify risks in financial terms.
  • Contribute to risk prioritization analyses for leadership.
  • Maintain and update the enterprise risk register.
  • Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
  • Audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
  • Manage POA&M for IL5 and IL6 environments, tracking open items to closure and escalating blockers.
  • Develop and maintain risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
  • Coordinate and track internal audit schedules, findings, and corrective action plans across business units.
  • Execute vendor risk assessments as part of the onboarding and periodic review lifecycle.
  • Maintain the vendor risk inventory and lifecycle tracking records.
  • Monitor vendor risk signals and escalate material changes.
  • Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
  • Ensure TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations.
  • Develop and maintain vendor risk reporting inputs and dashboard content.
  • Cross-functional collaboration serving as a point of contact for risk-related inquiries.
  • Track program milestones, action items, and deliverables.
  • Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.

Qualifications

  • 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
  • Familiarity with NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits.
  • Experience with risk assessment methodologies including FAIR and/or OCTAVE.
  • Hands-on experience with program management and GRC documentation tools.
  • Strong written and verbal communication skills, with the ability to document findings and translate risk concepts for both technical and non-technical audiences.
  • Highly organized, self-directed, and able to manage multiple workstreams simultaneously in a fast-paced, regulated environment.
  • Active or ability to obtain SECRET, TS/SCI security clearance.
  • Must be a U.S. citizen, lawful permanent resident, or protected individual as defined by 8 U.S.C. 1324b(a)(3).

Similar jobs