Senior IRM Analyst

Location

Remote

Type

Full Time

Job Description

Hiring Remotely in United States
Remote or Hybrid
95K-187K Annually
Senior level
Big Data • Cloud • Software • Database
MongoDB empowers innovators to create, transform, and disrupt industries by unleashing the power of software and data.
The Role
The Senior IRM Analyst leads risk assessment methodology implementation, conducts enterprise-level security assessments, and ensures compliance with global regulations. They manage the risk assessment process and synthesize findings into risk reports, collaborating with stakeholders across the organization.
Summary Generated by Built In

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos, and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based remotely in the United States.

Responsibilities

Program Maturity

  • Risk Assessment Methodology Implementation: Lead the strategic roadmap to integrate the risk matrix into the risk framework
  • Regulatory Governance: Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls. Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
  • Policy & Procedure Ownership: Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization

Operational Execution

  • Experience conducting technical security risk assessments (infrastructure, cloud, application-level), including experience in evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
  • Workflow Orchestration: Own the end-to-end risk assessment process
  • Inherent Risk Scoring: Validate the team’s application of the Risk Scoring formula. Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
  • Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
  • Ticket Hygiene: Actively manage the Jira backlog to prevent "frozen tickets"

Monitoring and Reporting

  • Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
  • Identify risk scenarios for the in-scope assets by working with the asset and risk owners
  • Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
  • Synthesize the analysis into high-quality Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
  • Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
  • Maintain the Risk Management Dashboard and report on accurate risk metrics

Requirements

  • Professional Experience: 10+ years of experience in Information Security Governance, Risk & Compliance (GRC)
  • Hands-on experience conducting enterprise-level security risk assessments end-to-end, including scoping, threat modeling, control evaluation, and executive reporting
  • Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
  • Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
  • Deep operational understanding of risk assessment methodologies (NIST SP 800-30) and standard control frameworks (NIST CSF, NIST SP 800-53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
  • Regulatory Knowledge: Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5 (specifically Supply Chain/SCRM), GDPR, and PCI-DSS requirements
  • Ability to write executive-level risk reports that translate technical flaws into business risks
  • A strong track record of collaborating effectively across teams and levels to influence change
  • Education: Bachelor’s degree in a relevant field (Cybersecurity Business Information Systems)
  • Certifications: CRISC, CCSP, CISSP, CISA, relevant cloud certifications

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB.

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Req ID: 1273387742

MongoDB’s base salary range for this role is posted below. Compensation at the time of offer is unique to each candidate and based on a variety of factors such as skill set, experience, qualifications, and work location. Salary is one part of MongoDB’s total compensation and benefits package. Other benefits for eligible employees may include: equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, access to transgender-inclusive health insurance coverage, and health benefits offerings. Please note, the base salary range listed below and the benefits in this paragraph are only applicable to U.S.-based candidates.

MongoDB’s base salary range for this role in the U.S. is:
$95,000 - $187,000 USD

Skills Required

  • 10+ years of experience in Information Security Governance, Risk & Compliance (GRC)
  • Hands-on experience conducting enterprise-level security risk assessments end-to-end
  • Deep operational understanding of risk assessment methodologies and standard control frameworks
  • Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5, GDPR, and PCI-DSS requirements
  • Ability to write executive-level risk reports
  • Education: Bachelor's degree in a relevant field
  • Certifications: CRISC, CCSP, CISSP, CISA

MongoDB Compensation & Benefits Highlights

  • Parental & Family Support: Parental leave is substantial and fully paid for new parents, with additional paid flexibility to ease the return to work. Family‑building support reimburses eligible fertility, adoption, and surrogacy expenses up to a lifetime maximum in the U.S.
  • Healthcare Strength: Health coverage includes multiple medical, dental, and vision options, plus a One Medical membership for employees and dependents. Coverage extends to inclusive services such as gender‑affirmation care and dedicated menopause/low‑testosterone support, alongside mental‑health resources.
  • Leave & Time Off Breadth: Flexible PTO and observed company holidays provide meaningful time away from work. Return‑to‑work flexibility following parental leave further broadens overall time‑off support.

The Company
HQ: New York, NY
5,550 Employees
Year Founded: 2008

What We Do

The database market is big. How big? Well, according to IDC, it’ll reach $153 billion by 2027. And MongoDB is at the forefront of that innovation, with thousands of customers across the globe. We empower developers and businesses to build and deploy the applications they want, wherever they want.

Why Work With Us

We are ambitious. We are passionate about creativity. And we believe the best paths are the ones we have yet to forge.

MongoDB Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

MongoDB provides multiple working model options for our employees, including the flexibility to work from home to opportunities for collaboration and social interaction in a MongoDB office.

Typical time on-site: Flexible
HQ: New York, NY
Sydney, Aus
Austin, TX
Barcelona, Catalonia
Ciudad de México, Ciudad de México
Gurugram, Haryana
Hanyang, KR
London, GB
Milano, IT
Palo Alto, CA
Paris, FA
San Francisco, CA
São Paulo, BR
Singapore


Date Posted

06/04/2026
