DMI

Information Security Risk Assessor

Join DMI as an Information Security Risk Assessor in Rockville, MD. Leverage ServiceNow for GRC assessments, ensuring compliance and risk management.

Department: Consulting
Job Level: Mid-Level
ServiceNow Role Type:
ServiceNow Modules: Governance, Risk, and Compliance
ServiceNow Certifications (nice to have):

Job description

Posted on: July 10, 2025

DMI is seeking an Information Security Risk Assessor to join their team. The ideal candidate will have 4+ years of experience in a relevant field and possess hands-on experience with Governance, Risk, and Compliance tools such as ServiceNow. The candidate will support the client's Governance, Risk, and Compliance (GRC) efforts by performing detailed risk evaluations and compliance assessments.

Requirements

  • Demonstrated hands-on experience with Governance, Risk, Compliance tools such as ServiceNow, Riskonnect, LogicManager, RSA Archer.
  • Strong understanding and application of cybersecurity risk management principles and control frameworks, including NIST SP 800-53, NIST RMF 800-37, ISO 27001, HIPAA Security Rule, PCI and FedRAMP.
  • Demonstrated ability to conduct structured risk assessments, including the analysis of compensating controls, residual risk determination, application of quantitative risk models, and providing formal recommendations regarding the acceptance or denial of exception requests.
  • Demonstrated experience with the policy exception request process, including the intake and review of new exception requests to ensure completeness, accuracy, and consistency of the information provided; follow-up with requestors to obtain missing or unclear information; performance of risk assessments; approval/denial recommendations; and stakeholder communications regarding risk acceptance.
  • Strong technical foundation with the ability to interpret network diagrams, threat models, vulnerability scan results, and compliance assessment reports.
  • Familiarity with risk qualification methodologies such as NIST, ISO 27005, Factor Analysis of Information Risk (FAIR).
  • Demonstrated ability to evaluate third-party System and Organization Controls (SOC) reports, specifically SOC 1 Type II and SOC 2 Type II, for completeness, relevance, and control alignment.
  • Proven ability to contribute to third-party risk assessments, compliance audits, and the evaluation of internal security controls.
  • Proven track record in performing the duties of an Information Security Risk Analyst, including structured risk assessments and policy exception reviews.
  • Track record of supporting policy exception management processes and risk tolerance assessments in complex regulatory environments.

Benefits

  • Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel, and many other items to provide convenience.
  • Development – Annual performance management, continuing education, and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
  • Financial – Generous 401k matches both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
  • Recognition – Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgment, employee referral bonuses.
  • Wellness – Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, and several other wellness options.

Requirements Summary

The ideal candidate will have 4+ years of experience in a relevant field and hands-on experience with Governance, Risk, and Compliance tools such as ServiceNow. The candidate will support the client's GRC efforts by performing detailed risk evaluations and compliance assessments.