Enterprise Risk Analyst

Your Mission 

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager you will play a hands-on role in executing risk assessments maintaining program documentation tracking remediation activities and building the data foundation that powers executive-level risk decision-making. 

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC is developing practical experience with risk quantification methodologies like FAIR and OCTAVE and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering security legal compliance and operations teams to help identify document and track risk across the enterprise and its third-party supply chain. 

Responsibilities:

Enterprise Risk Management 

• Support the design execution and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager. 

• Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies documenting findings threat profiles and recommended mitigations. 

• Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership. 

• Maintain and update the enterprise risk register ensuring accuracy of risk ratings ownership assignments remediation status and residual risk tracking. 

• Build and maintain program dashboards KPI/KRI reports and status tracking using tools such as Jira Confluence enterprise GRC platforms and MS Project. 

• Assist with audit readiness activities including evidence collection pre-assessment preparation control documentation and post-audit remediation tracking. 

• Support POA&M management for IL5 and IL6 environments tracking open items to closure and escalating blockers to the Enterprise Risk Manager. 

• Contribute to the development and maintenance of risk policies standards and guidelines aligned to NIST SP 800-53 Rev. 5 NIST SP 800-171 RMF and CMMC Level 3. 

• Coordinate and track internal audit schedules findings and corrective action plans across business units. 

Third-Party Vendor Risk Management 

• Execute vendor risk assessments as part of the onboarding and periodic review lifecycle including security questionnaire administration documentation review and risk scoring. 

• Maintain the vendor risk inventory and lifecycle tracking records ensuring all vendors are appropriately tiered and assessed on schedule. 

• Monitor vendor risk signals including cybersecurity advisories regulatory actions and contractual compliance status escalating material changes to the Enterprise Risk Manager. 

• Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language. 

• Assist in ensuring TPVRM program alignment with CMMC supply chain requirements DFARS clauses and ITAR/export control considerations for critical suppliers. 

• Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure. 

Cross-Functional Collaboration 

• Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering security operations and legal teams. 

• Track program milestones action items and deliverables proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager. 

• Continuously improve risk program workflows documentation templates and reporting processes to support scalable and repeatable execution. 

• Support the preparation of materials for internal leadership briefings external assessor interactions and government partner reviews. 

Qualifications 

• 5+ years of experience in enterprise risk management GRC cybersecurity risk compliance or a closely related discipline. 

• Working knowledge of NIST SP 800-53 NIST SP 800-171 DoD RMF (IL5/IL6) and CMMC with direct experience supporting assessments or audits under one or more of these frameworks. 

• Familiarity with risk assessment methodologies including FAIR and/or OCTAVE with a desire to deepen applied expertise in risk quantification. 

• Experience supporting or executing third-party/vendor risk assessments including questionnaire administration documentation review and risk tracking. 

• Hands-on experience with program management and GRC documentation tools including Jira Confluence (Atlassian suite) MS Project enterprise GRC platforms and MS Visio or Lucidchart. 

• Strong written and verbal communication skills with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences. 

• Highly organized self-directed and comfortable managing multiple workstreams simultaneously in a fast-paced regulated environment. 

• Active or ability to obtain SECRET TS/SCI security clearance. 

• Must be a U.S. citizen lawful permanent resident or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Background in startup aerospace defense technology or SaaS companies operating in regulated government markets. 

• Industry certifications such as:  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Auditor (CISA) 

• Open FAIR Certification (The Open Group) 

• CompTIA Security+ or equivalent 

• Certified ScrumMaster (CSM) or similar Agile certification 

• Experience with cloud environments particularly Azure Government and/or AWS GovCloud. 

• Familiarity with POA&M management SSP documentation and audit evidence collection in DoD authorization contexts. 

• Working knowledge of ITAR EAR DFARS and export control considerations as they relate to vendor and supply chain risk. 

• Familiarity with Agile/Scrum and hybrid project delivery models. 

Compensation 

• Base Salary: Denver - $115000 to $155000 Long Beach - $120000 to $165000 Washington DC - $120000 to $165000 

• Equity + Benefits including Health Dental Vision HRA/HSA options PTO and paid holidays 401K Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills education location and experience. 

Additional Requirements 

• Work Location: This role will be onsite at one of our office locations: Centennial CO Long Beach CA or Washington DC  #LI-Onsite 

• Work Environment: Standard office setting working at a desk or in a production factory environment 

• Physical Demands: May include frequent standing sitting walking bending and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen lawful permanent resident of the U.S. protected individual as defined by 8 U.S.C. 1324b(a)(3) or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience knowledge backgrounds and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex race religion or belief ethnic or national origin disability age citizenship marital domestic or civil partnership status sexual orientation gender identity pregnancy maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation please do not hesitate to let us know. 

What We Do

Space was once the quietest place in the universe. Now it's crowded contested and confrontational.  We are True Anomaly: the only defense company focused exclusively on space defense. Founded in 2022 by ex-U.S. Space Force members True Anomaly designs and builds advanced systems for space superiority: agile and powerful spacecraft platforms mission software engineered for unmatched command and control and payloads tailored for precision sensing and effects.    True Anomaly is headquartered in Centennial CO with regional offices in Colorado Springs CO Long Beach CA and Washington D.C.  We are hiring and seeking exceptional talent to join True Anomaly from any technical industry or background to bring unique talents perspective and solutions. If you embrace complexity lead instead of follow showcase integrity over ego take ownership for outcomes and measure success by impact we want to hear from you.

Why Work With Us

True Anomaly exists to enable a secure stable and sustainable space environment for the US its allies and partners. We design and build spacecraft and software solutions for space superiority. If you are ready to contribute to the future of space defense we’d love to hear from you.

Gallery