Logo
Cypress HCM

Information Security Analyst Job at Cypress HCM in San Jose

Cypress HCM, San Jose, CA, United States

Information Security Risk Assessment Senior Analyst


This is an exciting opportunity to join a growing global company in the cloud-based software industry! As a Security Risk Assessment Sr. Analyst, you will support the Information Security

Risk Management Program which is part of the organization’s InfoSec Governance, Risk, and Compliance (GRC) team.


Responsibilities:

  • Conduct security risk assessments to identify, score and document potential risks from
  • threats and vulnerabilities within the organization's infrastructure and applications.
  • Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
  • Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
  • Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
  • Maintain security risk register and ensure timely updates of the risk register.
  • Contribute to performing risk aggregation and risk analysis to identify top risks and areas of focus/improvement for prioritization.
  • Contribute to developing detailed reports and presentations on risk assessments, including identified aggregated top risks, risk treatment progress, trending and escalation. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
  • Actively contributes to the administration, maintenance and process improvements of the GRC risk assessment program.


Requirements:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in security risk assessment, with strong background in cybersecurity and risk management, with hands-on working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP.
  • Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
  • Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
  • Experience with security risk remediation programs, including technical implementation and compliance considerations.
  • Excellent communication skills, capable of translating technical concepts into actionable insights for both technical and non-technical stakeholders.
  • Experience in identifying process improvements and enhancing operational efficiencies within security programs.
  • Experience with GRC Risk Management tool including tool implementation will be plus


Preferred Skills:

  • Experience with security assessment tools and methodologies.
  • Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
  • Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.
  • Certifications like PMP, CISSP, or CISM are a plus but not required.