Senior Technical Cyber Risk Analyst

Semperis Ltd.

Job Overview

Location

Dallas, TX

Job Type

Full-time

Full Job Description

📋 Description

• As a Senior Technical Cyber Risk Analyst at Semperis, you will be at the forefront of safeguarding our organization's digital assets and ensuring robust operational resilience. This pivotal role involves the meticulous identification, assessment, and mitigation of potential cyber risks across a wide spectrum of our technology landscape, including all incoming vendors, third-party services, and critical technologies.
• You will be instrumental in fostering strong collaborative relationships with cross-functional internal teams and external third-party vendors and providers. Your responsibilities will include proactively requesting, collecting, and rigorously analyzing pertinent information and security collateral to conduct comprehensive cyber risk assessments.
• Based on your findings, you will recommend and, where necessary, require the implementation of effective cyber risk control strategies to protect Semperis from evolving threats.
• A core function of this position is the proactive management of technology risk. This includes ensuring that all deviations from established policies and standards are meticulously documented, appropriately compensated for, and subject to regular, thorough review.
• You will leverage data and sophisticated analytical models to forecast potential outcomes of identified risks, providing critical insights to advise management on strategic decisions and developing comprehensive control plans designed to minimize potential losses.
• Your expertise will be crucial in performing detailed technology risk assessments for both new and existing applications. This includes the thorough review of submitted risk exception requests, validating the technical necessity of such exceptions, evaluating the efficacy of proposed compensating controls, and assigning appropriate residual risk ratings (High, Medium, Low).
• Maintaining comprehensive, auditable documentation for all approved, denied, and conditionally approved exceptions is paramount. This documentation must include mandatory review dates and clear resolution plans to ensure ongoing accountability and oversight.
• You will be responsible for collecting, processing, and interpreting data from multiple sources to accurately model cyber risk scenarios, forecast potential outcomes, and evaluate overall cyber risk exposure. A key aspect of this role is the ability to translate complex technical findings into clear, measurable business risk statements that can be effectively communicated to diverse audiences, including leadership, customers, and technical delivery teams.
• Proactively track the milestones of risk mitigation plans and drive effective issue management. This involves initiating timely follow-ups with Business Owners to ensure our controls remain adequate, compliance is consistently assured, and overall risk management goals are successfully met.
• Develop and recommend effective mitigation strategies to reduce, transfer, or avoid identified cyber risks. This may involve the implementation of new policies, the enhancement of existing controls, or the introduction of new processes.
• Collaborate closely with other internal teams to define and prioritize remediation efforts, ensuring that these efforts are aligned with risk severity and potential business impact.
• Play a key role in improving and automating our risk management processes, working in close partnership with security and risk leadership teams to enhance efficiency and effectiveness.
• Conduct thorough security assessments of new and existing third-party vendors and service providers. This includes the detailed review of security attestations (e.g., SOC 2, ISO 27001) and the analysis of security questionnaires.
• Assess incoming compliance artifacts provided by third parties and conduct external research to develop comprehensive risk assessments, including the application of robust risk scoring metrics.
• Document and clearly communicate the inherent and residual risks associated with vendor reliance and their data handling practices. Prepare detailed reports, concise summaries, and compelling presentations for management and stakeholders to effectively communicate findings, strategic recommendations, and emerging trends.
• Utilize and manage the corporate GRC platform and other risk management tools to streamline risk workflows, automate control monitoring, and significantly improve reporting efficiency.
• Identify and implement opportunities to automate manual GRC tasks, with a specific focus on integrating risk tracking and control evidence gathering directly into our GRC tools.
• Respond effectively to customer, partner, or compliance questionnaires related to product security. This will involve close liaison with product teams and other knowledge sources to maintain an up-to-date knowledge library, utilizing a combination of AI, manual, and automated processes to prepare Security Questionnaire (SQ) responses according to established Service Level Agreement (SLA) expectations.
• Support the Risk & InfoSec team in the critical task of reviewing, updating, and aligning IT Security Policies, Standards, and Procedures with current regulatory requirements and evolving industry best practices.
• Assist in the crucial process of gathering evidence and documentation required for internal and external security audits and compliance reviews, ensuring a state of audit readiness.
• Continuously stay updated with the latest industry trends, regulatory changes, and compliance standards to ensure the organization consistently adheres to all applicable legal and regulatory requirements.
• Contribute to Semperis' mission of being a Force for Good by ensuring the security and integrity of our systems and data, thereby protecting our customers and partners.

🎯 Requirements

• 5+ years of relevant experience in Information Security, IT Risk Management, IT Audit, or GRC, with a strong emphasis on technology risk.
• Deep working knowledge of key GRC concepts, risk assessment methodologies, and industry frameworks such as NIST SP 800-53/CSF, ISO 27001.
• Proven, hands-on experience using and configuring modern GRC platforms (e.g., Archer, ServiceNow, MetricStream, Vanta) for risk management, policy management, and compliance automation.
• Exceptional ability to analyze complex technical vulnerabilities and control failures/gaps, translating them into measurable business risk, with detailed quantitative assessment skills to support findings and recommendations.
• Excellent written and verbal communication skills, with the ability to effectively communicate technical risk concepts to both technical and executive audiences.

🏖️ Benefits

• Be part of a global team on the front lines of cybersecurity innovation.
• Opportunity to work in a company recognized as one of America’s Fastest-Growing Cybersecurity Companies by the Inc. 5000.
• A culture that celebrates curiosity, integrity, and initiative, with a focus on employee growth and balance.
• Hybrid work model offering flexibility between remote and in-office work.
• Comprehensive benefits package (details to be discussed during the interview process).

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Semperis Ltd.

Visit Website

About Semperis Ltd.

Semperis provides identity-driven cyber resilience for hybrid and multi-cloud environments, specializing in Microsoft Active Directory and Azure AD. Its platform automates threat detection, response, and recovery for identity systems, enabling organizations to prevent, detect, and remediate attacks like ransomware and identity compromise. The company offers real-time monitoring, forensic analysis, and disaster recovery capabilities to ensure continuous business operations. Founded by security experts, Semperis serves enterprises and government agencies worldwide, helping them secure critical identity infrastructure against evolving cyber threats. Solutions include Directory Services Protector, Purple Knight, and Forest Recovery.

View Company Profile