Senior Risk Analyst
Skills
About the Role
You will be a core builder and operator of AlphaSense's maturing security risk management program. You'll design, implement, and mature a risk framework spanning information security, AI, and operational risk, building a program that is quantitative-leaning, connected to live data sources, and actionable at every level from service owner to executive leadership. You will establish risk identification and scoring methodologies, own the enterprise risk register, and produce risk intelligence that drives real decisions. You will also support the TPRM function led by a dedicated TPRM lead, contributing to assessments and risk tracking as needed. You'll bring an AI-native mindset, using AI to monitor threat landscapes, analyze risk data, draft risk narratives, and surface emerging risks faster than a traditional manual program could.
Requirements
- 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
- Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
- AI-native mindset using AI tools such as LLMs, agents, and automation for analysis, drafting, evidence gathering, and workflow automation
- Proficiency with GRC platforms for evidence management and control testing such as Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent
- Familiarity with cloud environments (AWS, Azure, or GCP) and related security and compliance posture tooling (CSPM, SIEM, identity platforms)
- Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
- Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation
- Working knowledge of risk registers, control libraries, and policy governance lifecycles
- Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA)
- Strong written communication, analytical thinking, and attention to detail
- 4+ years of hands-on experience in information security risk management or a combined GRC/risk role
- Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows
- Proven experience maturing an organization's risk program from qualitative to quantitative risk measurement
- Experience with data warehousing concepts, KRI development and tracking, and risk reporting pipelines
- Strong analytical skills with comfort in qualitative and quantitative risk scoring, heat maps, likelihood/impact matrices, and risk appetite articulation
- Experience producing executive-ready risk reports and translating technical findings into business impact language
- Experience supporting TPRM assessments and contributing to vendor risk documentation
Responsibilities
- Design and implement a structured risk management program including risk taxonomy, scoring methodology, risk appetite statements, and escalation thresholds
- Align the risk program with ISO 27005, NIST RMF, or ISO 31000 as appropriate
- Build and maintain the enterprise risk register as a living operational tool
- Lead periodic risk identification workshops with business, engineering, and legal stakeholders
- Ensure every risk has a documented owner, risk rating, treatment decision, and remediation timeline
- Leverage AI tools to monitor threat intelligence, identify patterns across risk data, and accelerate risk narrative drafting
- Build AI-assisted workflows that reduce manual risk review burden and surface emerging risks earlier
- Validate AI output before it informs a risk decision
- Support the TPRM function in partnership with the dedicated TPRM lead
- Contribute to vendor risk assessments, risk scoring, and finding documentation
- Provide risk framework input to ensure third-party risks are consistently rated and tracked
- Identify and assess AI-related risks including data privacy, model bias, explainability, security misuse, agentic system behavior, and third-party AI dependencies
- Support compliance with AI governance frameworks such as ISO 42001, NIST AI RMF, and EU AI Act
- Produce clear, executive-ready risk reports, dashboards, and periodic risk summaries
- Translate technical risk findings into business impact language for leadership and board levels
- Provide cross-functional risk and control guidance on process improvements, new technology adoption, and remediation activities
- Support stakeholders in interpreting risk requirements and embedding risk management practices
