Skip to content
WHOOPWHOOPBoston, MA

Senior Risk & Compliance Analyst

Leads cyber and technology risk assessments, maintains the enterprise risk register, and supports governance for cybersecurity risks. Partners across teams to evaluate emerging technologies like AI and translates technical risks into business terms for executives. Requires 6+ years in cybersecurity risk management.

Salary not listed
On-siteSecurity Engineering

About the role

Responsibilities

  • Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk.
  • Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes.
  • Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making.
  • Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated.
  • Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting.
  • Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes.
  • Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens.
  • Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications.
  • Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies.
  • Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends.
  • Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes.
  • Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program.

Qualifications

  • 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field.
  • Demonstrated experience conducting structured cybersecurity or IT risk assessments.
  • Experience maintaining risk registers and tracking risk mitigation or treatment activities.
  • Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements.
  • Ability to translate technical findings into clear business risk for non-technical stakeholders.
  • Strong written and verbal communication skills with experience presenting findings to cross-functional teams.
  • Experience working with engineering, architecture, legal, compliance, and business stakeholders.
  • Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards.
  • Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus.

Skills

FairCloudSecurity ArchitectureRisk AssessmentCybersecurityArtificial IntelligenceMachine LearningRisk RegisterDashboardsQuantitative Risk Analysis
Snowflake

Senior Software Engineer

SnowflakeBellevue, WA +1

Senior Software Engineer building Snowflake's core identity, access management, and AI-native security infrastructure for the Data Cloud. Design secure agent workflows, IAM systems, encryption, and policy enforcement tooling at massive scale.

200k – 288k/yr
Hybrid5+ YOESecurity Engineering
Anthropic

Software Security Engineering Manager, Secure Frameworks

AnthropicSan Francisco, CA +1

Lead the Secure Frameworks Research team at Anthropic to build high-leverage security libraries and frameworks (cryptographic, serialization, authorization) that prevent vulnerabilities in AI model development. Manage engineers, drive adoption across teams, and balance security rigor with development velocity; requires 5+ years security/software engineering and 3+ years managing security teams.

405k – 485k/yr
Hybrid8+ YOESecurity Engineering
Forus

Founding Security Engineer

ForusNew York, NY

Founding Security Engineer owning cloud (AWS/GCP), product, AI data, detection/response, and compliance (HIPAA/SOC 2) for a healthcare AI platform handling PHI at scale. Requires 7+ years security engineering on strong SWE foundation, hands-on IaC, and multi-domain expertise.

Salary not listed
On-site7+ YOESecurity Engineering
Flexport

Manager, Supply Chain Protection & Loss Intelligence

FlexportMiami, FL

Manager responsible for global supply chain protection, loss prevention, and physical security programs at Flexport. Oversees 50+ security officers, electronic systems (CCTV/access control), data-driven investigations, policy/SOP authoring, and new facility stand-up across offices and fulfillment centers.

Salary not listed
On-site8+ YOESecurity Engineering
Crusoe

Physical Security Manager

CrusoeDallas, TX

Lead day-to-day operations of Crusoe's 24/7 Global Security Operations Center (GSOC), overseeing monitoring, incident response, intelligence, and crisis management to protect facilities and infrastructure. Requires experience building high-performing teams, driving operational maturity, and ensuring compliance in a fast-growing environment.

Salary not listed
On-site7+ YOESecurity Engineering