Senior Security Risk Analyst

This role is for someone who is looking to positively impact Rapid7 with their information security knowledge by contributing to Security Trust & Governance operations. An information security, risk management and/or information technology background would set you up for success in this position. Your ability to successfully carry out cross-functional work will require strong communication skills, patience, and a solution-oriented attitude.

You’ll join us in our North Station HQ (Boston) and work with an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your ongoing career development.

About the Team

Rapid7’s Trust & Security Governance team functions within the Information Security department and plays a crucial role in supporting the organization’s mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Legal, Procurement, and many other teams at Rapid7.

About the Role

We’re looking for a Senior Security Risk Analyst to drive the evaluation of the information security risks of third parties used by Rapid7 and partner closely with stakeholders throughout the organization to drive continued awareness and improvement in the Security GRC domain.

In this role, you will:

• Drive third party risk management efforts by performing security assessments of potential and current Rapid7 partners/vendors. This requires considering elements such as the architecture of computer information systems, the sensitivity of data that will be processed, the vendor’s overall security program maturity, and any aspect of the engagement that could introduce risk to Rapid7.

• Address questions about Rapid7’s internal security program from customers, prospects, and auditors. This will often require working with other members of the Information Security team, and with other Rapid7 teams, including Engineering, Product Management, Content Strategy, and Legal.

• Assist senior members of the security team with tasks related to:

  • General information security risk management and assessment initiatives

  • Identify risks while evaluating the design and operational effectiveness of controls to report opportunities for improvement

  • Define and product metrics for Management consumption

  • Aiding in security awareness and culture initiatives throughout the company

  • Compliance program maintenance and audit management

  • Policy and standard development

  • Workflow/process improvements

The skills you’ll bring include:

• 5+ years of experience in information security, information technology, risk management, data privacy/management, or an adjacent field.

• Ability to identify service/product integrations risks and advice and influence business owners to make a secure use of third party products.

• Strong project management abilities, including ability to coordinate initiatives across technical and non-technical teams/stakeholders and managing distributed teams and projects.

• Experience collaborating closely with security partners, including incident response, red teams, architects, and engineers to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations.

• Strong communication skills with the ability to translate complex technical concepts into business language

• Experience with security standards/frameworks such as ISO 27001, SOC2, PCI, FedRAMP, NIST CSF, CIS CSC, etc.

• Knowledge of public cloud environments, software supply chain and free open source software.

• Experience using Third Party Scoring platforms (Security Scorecard, BitSight, Black Kite, etc.), Third Party Risk Management systems (e.g. Aravo) and collaborative tools (Confluence, g-suite, Jira, Miro, etc.)

• Interested in emerging technologies such as Artificial Intelligence or Quantum Computing and in general with the fast evolving threat landscape.

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

About Rapid7

Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people. With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.