Risk Analyst
About InvoiceCloud:
InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.
- Owns the accuracy, completeness, and ongoing maintenance of the cyber risk register, ensuring risks are clearly articulated, prioritized, and current.
- Takes accountability for tracking risk treatment plans, monitoring mitigation progress, and following up with risk owners to drive timely resolution.
- Serves as a trusted point of contact for cyber risk analysis, responding to inquiries from Security, Compliance, Internal Audit, and business stakeholders.
- Handles sensitive risk, regulatory, and audit-related information with integrity, discretion, and strong ethical standards.
- Establishes structured, repeatable processes for risk identification, assessment, documentation, and reporting to reduce variability and manual effort.
- Maintains and improves risk workflows, governance artifacts, and evidence collection to support audit-ready outcomes across frameworks such as SOC 2 and PCI.
- Coordinates third-party and vendor risk activities efficiently, aligning assessments with procurement and minimizing disruption to internal teams.
- Leverages automation and AI-enabled capabilities within GRC tooling to streamline risk data collection, trend analysis, and reporting cycles.
- Performs qualitative and quantitative risk assessments aligned to frameworks such as NIST CSF and FAIR or SAFE to surface the most impactful risks.
- Defines, tracks, and trends key risk indicators (KRIs) to provide leadership with clear visibility into current and emerging risk exposure.
- Produces concise, decision-oriented reporting for executives, risk committees, and leadership forums.
- Ensures risk insights translate into actionable outcomes by aligning findings with remediation plans and business priorities.
- Evolves risk analysis and reporting practices by incorporating new methodologies, data sources, and analytical techniques.
- Improves how cyber risk is communicated by translating technical and regulatory detail into clear, business-relevant insights.
- Identifies opportunities to enhance risk governance, measurement, and visualization as organizational maturity increases.
- Bachelor’s degree in Information Security, Risk Management, Business Analytics, or a related field preferred
- 3–5 years of experience in cyber risk, governance, compliance, or related security functions
- Working knowledge of cyber risk frameworks and methodologies such as NIST CSF, ISO 27005, and FAIR or SAFE
- Experience maintaining risk registers, tracking mitigation plans, and supporting risk governance processes
- Familiarity with regulatory and assurance frameworks such as SOC 2 and PCI, including evidence collection and audit support
- Hands-on experience with GRC platforms such as Drata or Safebase
- Strong analytical skills using tools such as Excel; basic SQL experience is a plus
- Proven ability to translate technical and regulatory risk into clear, actionable insights for leadership audiences
- Strong judgment and decision-making skills, including evaluating trade-offs between risk, cost, and business impact
- Demonstrated ability to handle sensitive and confidential information with professionalism and integrity
- Excellent written and verbal communication skills
- Ability to manage multiple priorities, work independently, and deliver results in a fast-paced environment
InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.
This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.
If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact jobs@invoicecloud.com.
Click here to review InvoiceCloud’s Job Applicant Privacy Policy.
For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.
Sponsored
