Sr. Risk Analyst (Remote)

#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud-native platform has offered unparalleled protection against the most sophisticated cyberattacks. We're looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.
About the Role:
The Risk Analyst will be part of the Governance, Risk, and Compliance (GRC) team, assisting in the identification, assessment, measurement, monitoring, and reporting of risk. This role focuses on managing the security risk process, performing risk assessments, and maintaining the risk and issue register.
The ideal candidate will understand current processes and proactively seek improvements in CrowdStrike's Risk Management process and GRC program to support a fast-paced, secure, and empowered environment. They will be responsible for identifying, assessing, measuring, monitoring, and reporting risks through CrowdStrike's GRC program. This operational role includes identifying business risks and overseeing the implementation of management controls within the Information Technology and corporate environments. The ideal candidate will have an expert-level understanding of current processes and proactively seek improvements in CrowdStrike's risk posture and GRC program in the tech industry. They will conduct control testing, perform readiness assessments, and leverage their experience with various technical Information Technology environments (e.g., SaaS, Network Layer) to help business partners understand risks and achieve operational efficiency.
This role requires a strategic thinker with a deep understanding of cybersecurity principles and the ability to communicate effectively across all organizational levels.
What You'll Do:

• Perform risk assessments to analyze security risks and create risk treatment plans.
• Maintain and catalog a cybersecurity risk management program, including identifying, evaluating, and mitigating risks across the organization.
• Maintain and catalog operational controls and their ownership across the organization.
• Identify areas for improvement within GRC and lead efforts to address and remediate them.
• Collaborate across departments to align with shared compliance goals and objectives.
• Coordinate with IT and business units to implement effective cybersecurity measures and integrate security practices into business processes.
• Evaluate new processes, policies, and systems to determine their impact on the Risk program.
• Identify key risks and controls, recommend improvements, assess risks and controls for Information Security projects, and ensure the proper design and configuration of controls in related business processes and IT infrastructure using a risk-based approach.

What You'll Need:

• At least 5 years of job-related experience, with a preferred BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, Cybersecurity, or other related field.
• Experience in using ServiceNow for Risk Management
• Fundamental technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.
• Ability to evaluate the potential impact of issues on the overall security posture and associated risk.
• Knowledge and practical experience with policy and regulatory frameworks such as COBIT, SOC1/SOC2, CSA-CCM, ISO 27001/27002/27031/42001, GDPR, CCPA, PCI-DSS, NIST 800-34, NIST 800-53, FedRAMP, CMMC).
• Proven experience working across teams and to achieve company objectives, and the ability to build rapport and maintain relationships across various functions within the company.
• Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.
• Ability to think strategically about risks and tie those risks to tactical organizational activities.
• Experience assessing new technologies and/or regulations that may impact process and control requirements.
• Perform other duties within the scope of governance, risk, and compliance as needed.
• Participate in annual and iterative risk and control planning and scoping activities to understand significant changes to the IT environment that impact Information Security.
• Practical experience leading internal risk programs and comfort with communications to executives and high-level management.
• Strong written and verbal communication skills with native or near-native English language fluency.

Behaviors/Competencies:

• Ability to adapt quickly and be effective in new situations, driving results.
• Strong history of working independently and completing tasks with minimal supervision.
• Detail-oriented and strives to produce quality work.
• Views challenges as opportunities.
• Team player with a passion for uplifting others to succeed.

Bonus Points:

• Experience building a Risk Management program from the ground up.
• Program and project management experience in scoping, work breakdown, critical path analysis, resourcing, managing time estimates, project risks, and quality.
• Experience with CrowdStrike products or services.
• Experience with waterfall, DevOps, and agile system development methodologies, including CI/CD practices, automated change testing, and industry-leading software used in a toolchain.

#LI-Remote
#LI-RC1
#LI-KC1
This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.
Benefits of Working at CrowdStrike:

• Remote-first culture
• Market leader in compensation and equity awards
• Competitive vacation and flexible working arrangements
• Comprehensive and inclusive health benefits
• Physical and mental wellness programs
• Paid parental leave, including adoption
• A variety of professional development and mentorship opportunities
• Offices with stocked kitchens when you need to fuel innovation and collaboration

We are committed to fostering a culture of belonging where everyone feels seen, heard, valued for who they are and empowered to succeed. Our approach to cultivating a diverse, equitable, and inclusive culture is rooted in listening, learning and collective action. By embracing the diversity of our people, we achieve our best work and fuel innovation - generating the best possible outcomes for our customers and the communities they serve.
CrowdStrike is committed to maintaining an environment of Equal Opportunity and Affirmative Action. If you need reasonable accommodation to access the information provided on this website, please contact [email protected] , for further assistance.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
Right to Work
CrowdStrike, Inc. is committed to fair and equitable compensation practices. The base salary range for this position in the U.S. is $95,000 - $155,000 per year + variable/incentive compensation + equity + benefits. A candidate's salary is determined by various factors including, but not limited to, relevant work experience, skills, certifications and location.
Expected Close Date of Job Posting is:09-05-2024