GRC Careers

JobsEnterprise Risk Analyst

Enterprise Risk Analyst

True Anomaly
RiskTS/SCIOn-siteFull-timeDenver, CO or Long Beach, CA or Washington$115,000 to $155,000

Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.

OUR MISSION

True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors — enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.

OUR VALUES

strong Be the offset. span We create asymmetric advantages with creativity and ingenuity.
strong What would it take? We challenge assumptions to deliver ambitious results.
strong It’s the people. Our team is our competitive advantage and we are better together.

strong span Your Mission span 134233117:true, 134233118:true, 201341983:0, 335559740

span We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making. span 134233117:true, 134233118:true, 201341983:0, 335559740

span This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain. span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

strong span Responsibilities:

span 134233117:true, 134233118:true, 201341983:0, 335559740

strong span Enterprise Risk Management span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Support POA and M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Coordinate and track internal audit schedules, findings, and corrective action plans across business units. span 134233117:true, 134233118:true, 201341983:0, 335559740

strong span Third-Party Vendor Risk Management span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure. span 134233117:true, 134233118:true, 201341983:0, 335559740

strong span Cross-Functional Collaboration span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews. span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

strong span Qualifications span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span 5+ years span of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Active or ability to obtain strong span SECRET span, strong span TS/SCI security clearance span. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

strong span Preferred Qualifications span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Industry certifications such as: span 134233117:true, 134233118:true, 201341983:0, 335559740

New 335552541:1, 335559685:1440, 335559991:360, 469769226: Courier New, 469769242 469777803: left, 469777804: o, 469777815: multilevel span Certified in Risk and Information Systems Control (CRISC) span 134233117:true, 134233118:true, 201341983:0, 335559740

New 335552541:1, 335559685:1440, 335559991:360, 469769226: Courier New, 469769242 469777803: left, 469777804: o, 469777815: multilevel span Certified Information Systems Auditor (CISA) span 134233117:true, 134233118:true, 201341983:0, 335559740

New 335552541:1, 335559685:1440, 335559991:360, 469769226: Courier New, 469769242 469777803: left, 469777804: o, 469777815: multilevel span Open FAIR Certification (The Open Group) span 134233117:true, 134233118:true, 201341983:0, 335559740

New 335552541:1, 335559685:1440, 335559991:360, 469769226: Courier New, 469769242 469777803: left, 469777804: o, 469777815: multilevel span CompTIA Security+ or equivalent span 134233117:true, 134233118:true, 201341983:0, 335559740

New 335552541:1, 335559685:1440, 335559991:360, 469769226: Courier New, 469769242 469777803: left, 469777804: o, 469777815: multilevel span Certified ScrumMaster (CSM) or similar Agile certification span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Experience with cloud environments, particularly Azure Government and/or AWS GovCloud. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Familiarity with POA and M management, SSP documentation, and audit evidence collection in DoD authorization contexts. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk. span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel span Familiarity with Agile/Scrum and hybrid project delivery models. span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

strong span Compensation span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span Base Salary: span Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span Equity + Benefits span including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave span 134233117:true, 134233118:true, 201341983:0, 335559740

em span Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

strong span Additional Requirements span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span Work Location: span This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC strong span # -Onsite span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span Work Environment: span Standard office setting, working at a desk or in a production factory environment span 134233117:true, 134233118:true, 201341983:0, 335559740

335552541:1, 335559685:720, 335559991:360, 469769226: Symbol, 469769242 469777803: left, 469777804: , 469777815: multilevel strong span Physical Demands: span May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. span 134233117:true, 134233118:true, 201341983:0, 335559740

span 201341983:0, 335559739:0, 335559740

em span This position will be open until it is successfully filled. span 134233117:true, 134233118:true, 201341983:0, 335559740

span To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. span 134233117:true, 134233118:true, 201341983:0, 335559740

span We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. span 134233117:true, 134233118:true, 201341983:0, 335559740

span

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.

Apply for this role → Back to all jobs