Logo
Cypress HCM

Cypress HCM is hiring: Information Security Analyst in San Jose

Cypress HCM, San Jose, CA, United States

Information Security Risk Assessment Senior Analyst


This is an exciting opportunity to join a growing global company in the cloud-based software industry! As a Security Risk Assessment Sr. Analyst, you will support the Information Security

Risk Management Program which is part of the organization’s InfoSec Governance, Risk, and Compliance (GRC) team.


Responsibilities:

  • Conduct security risk assessments to identify, score and document potential risks from
  • threats and vulnerabilities within the organization's infrastructure and applications.
  • Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength.
  • Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
  • Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
  • Maintain security risk register and ensure timely updates of the risk register.
  • Contribute to performing risk aggregation and risk analysis to identify top risks and areas of focus/improvement for prioritization.
  • Contribute to developing detailed reports and presentations on risk assessments, including identified aggregated top risks, risk treatment progress, trending and escalation. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management.
  • Actively contributes to the administration, maintenance and process improvements of the GRC risk assessment program.


Requirements:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in security risk assessment, with strong background in cybersecurity and risk management, with hands-on working knowledge and experience in risk management frameworks such as NIST RMF, FAIR, and OWASP.
  • Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
  • Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
  • Experience with security risk remediation programs, including technical implementation and compliance considerations.
  • Excellent communication skills, capable of translating technical concepts into actionable insights for both technical and non-technical stakeholders.
  • Experience in identifying process improvements and enhancing operational efficiencies within security programs.
  • Experience with GRC Risk Management tool including tool implementation will be plus


Preferred Skills:

  • Experience with security assessment tools and methodologies.
  • Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP).
  • Strong project management skills with the ability to prioritize tasks and manage multiple projects simultaneously.
  • Certifications like PMP, CISSP, or CISM are a plus but not required.