
Cybersecurity Risk Analyst
Posted 12 hours ago

This is a fully remote position, open to applicants in the United Kingdom.
• Perform thorough risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other components of internal technology operations.
• Create and sustain risk registers, threat models, vulnerability and threat management programs, and risk treatment plans across eight enterprise risk categories.
• Conduct both quantitative and qualitative risk analyses utilizing industry-standard methodologies (ISO 27005, ISO 31000, NIST RMF).
• Assess security risks posed by third-party vendors and evaluate supply chain vulnerabilities using structured Third-Party Risk Management (TPRM) frameworks.
• Utilize AI tools to enhance risk identification, analysis, and reporting workflows.
• Formulate and propose risk mitigation strategies and security controls.
• Work alongside technical teams to implement security measures and monitor their effectiveness.
• Monitor remediation efforts and validate risk reduction activities through GRC platform integrations.
• Develop and maintain risk metrics and key risk indicators (KRIs).
• Ensure compliance with regulatory and industry standards including state-specific gaming regulations (GLI-19, GLI-33, GLI-GSF), ISO 27001, ISO 42001, PCI DSS v4.0, SOC 2, NIST CSF, and GDPR.
• Assist with internal and external audits (Deloitte, Bulletproof, Schellman) by collecting evidence, preparing documentation, and coordinating audit activities.
• Uphold security policies, procedures, and risk management frameworks within the IMS.
• Participate in AI governance initiatives including maintaining an AI service registry, detecting Shadow AI, and ensuring compliance with ISO 42001.
• Identify opportunities for enhancing agentic automation by integrating new MCP servers and APIs into current AI workflows, thereby minimizing manual effort across compliance, audit, and risk operations.
• Prepare risk reports and dashboards for management, audit committees, and gaming regulators.
• Document risk assessment methodologies and maintain assessment artifacts.
• Bachelor’s degree in Computer Science, Information Security, Technology Risk Management, or a related field.
• 3-5 years of experience in cybersecurity risk management, GRC, or IT audit within the technology sector.
• Proven experience with risk assessment methodologies and frameworks (ISO 27005, ISO 31000, NIST RMF).
• Knowledge of security controls and their application in cloud environments.
• Experience with GRC platforms (Vanta experience preferred).
• Practical experience utilizing AI/LLM tools in a professional security or risk management setting.
• Demonstrated proficiency with AI coding assistants and agentic AI tools.
• Ability to create effective prompts and collaborate iteratively with AI to generate high-quality risk assessments, policies, and compliance documentation.
• Understanding of AI governance concepts, including data classification for AI use, model training policies, AI risk assessment, and responsible AI principles.
• Familiarity with Model Context Protocol (MCP) or similar frameworks for connecting AI agents to external data sources and APIs.
• Flexible vacation allowance.
• Remote or Hybrid Flexibility: Enjoy the choice of remote work with opportunities for in-person collaboration at our Austin or Florida headquarters, or a hybrid setup.
• Innovative Environment: Become part of a team that excels at pushing boundaries.
• Growth Opportunities: As we expand, your role will evolve, offering you limitless opportunities for personal and professional development.
• Diverse and Inclusive: Join a team that values diversity, inclusivity, and embraces a variety of perspectives.