A new space race has begun. True Anomaly seeks those with the talent and ambition to build innovative technology that solves the next generation of engineering, manufacturing, and operational challenges for space security and sustainability.

OUR MISSION

The peaceful use of space is essential for continued prosperity on Earth—from communications and finance to navigation and logistics. True Anomaly builds innovative technology at the intersection of spacecraft, software, and AI to enhance the capabilities of the U.S., its allies, and commercial partners. We safeguard global security by ensuring space access and sustainability for all.

OUR VALUES

Be the offset. We create asymmetric advantages with creativity and ingenuity
What would it take? We challenge assumptions to deliver ambitious results
It’s the people. Our team is our competitive advantage and we are better together

Your Mission

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.

Responsibilities:

Enterprise Risk Management

Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.

Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.

Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.

Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.

Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.

Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.

Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.

Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.

Coordinate and track internal audit schedules, findings, and corrective action plans across business units.

Third-Party Vendor Risk Management

Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.

Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.

Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.

Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.

Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.

Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.

Cross-Functional Collaboration

Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.

Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.

Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.

Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.

Qualifications

5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.

Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.

Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.

Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.

Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.

Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.

Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.

Active or ability to obtain SECRET, TS/SCI security clearance.

Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).

Preferred Qualifications

Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.

Industry certifications such as:

Certified in Risk and Information Systems Control (CRISC)

Certified Information Systems Auditor (CISA)

Open FAIR Certification (The Open Group)

CompTIA Security+ or equivalent

Related Jobs
Tester Sr SAP
Neoris
Monterrey, Mexico
Full Time
Tester SAP
Neoris
Monterrey, Mexico
Full Time
Licensed Therapist -LCSW-C, LMSW, LCPC, LGPC, LMFT
Hellobackpack
Annapolis, MD; Baltimore, MD; Bowie, MD; Clinical Practice- Remote; Columbia, MD; Dundalk, MD; Elkri
Full Time
Licensed Therapist
Hellobackpack
Annapolis, MD; Baltimore, MD; Bowie, MD; Clinical Practice- Remote; Columbia, MD; Dundalk, MD; Elkri
Part Time
Licensed Mental Health Therapist
Hellobackpack
Clinical Practice- Remote; Glendale, Arizona, United States; Phoenix, Arizona, United States; Remote
Part Time
Bilingual Licensed Psychotherapist
Hellobackpack
Champaign, IL; Chicago, IL; Clinical Practice- Remote; Naperville, IL; Peoria, IL; Springfield, IL
Part Time

Enterprise Risk Analyst

Related Jobs

Tester Sr SAP

Tester SAP

Licensed Therapist -LCSW-C, LMSW, LCPC, LGPC, LMFT

Licensed Therapist

Licensed Mental Health Therapist

Bilingual Licensed Psychotherapist