Risk Analyst

About InvoiceCloud

InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.

Risk Analyst

InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives.

Job Details

We are seeking a highly skilled and detail-oriented Risk Analyst to support and advance InvoiceCloud’s Cybersecurity and Enterprise Risk Management programs. This is an individual contributor role responsible for identifying, analyzing, prioritizing, and clearly communicating cyber risk across the organization in a consistent, repeatable, and decision-oriented manner.In this role, you will work across multiple cybersecurity and governance workstreams, maintaining the cyber risk register, supporting qualitative and quantitative risk assessments, and ensuring that risk treatment plans are well-defined, tracked, and aligned to business priorities. You will partner closely with Security, Compliance, Internal Audit, and business stakeholders to ensure risks are accurately represented, properly governed, and supported by audit-ready evidence.The Risk Analyst operates with a high degree of accountability and ownership, managing risk data, metrics, and reporting that inform leadership decision-making. You will be responsible for translating complex technical and regulatory risk into clear, actionable insights for executive audiences, including risk committees and senior leadership. While this role does not include people management, it carries meaningful enterprise impact through influence, rigor, and the quality of analysis delivered.

Success Profile

This role is anchored in our company’s core competencies—These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.

Ownership

• Owns the accuracy, completeness, and ongoing maintenance of the cyber risk register, ensuring risks are clearly articulated, prioritized, and kept current.
• Takes accountability for tracking risk treatment plans, monitoring mitigation progress, and following up with risk owners to drive timely resolution.
• Serves as a trusted point of contact for cyber risk analysis, responding to questions from Security, Compliance, Internal Audit, and business stakeholders with sound judgment.
• Handles sensitive risk, regulatory, and audit-related information with integrity, discretion, and strong ethical standards.
  

Drives Efficiency

• Establishes structured, repeatable processes for risk identification, assessment, documentation, and reporting to reduce manual effort and variability.
• Maintains and improves risk workflows, governance artifacts, and evidence collection to support audit-ready outcomes across SOC 2, PCI, and other frameworks.
• Coordinates third-party and vendor risk activities efficiently, aligning reviews with procurement and minimizing friction for internal teams.
• Leverages automation and AI-enabled capabilities within GRC tooling to streamline risk data collection, trend analysis, and reporting cycles.
  

Results Driven

• Performs qualitative and quantitative risk assessments aligned to frameworks such as NIST CSF and FAIR/SAFE to surface the most impactful risks.
• Defines, tracks, and trends key risk indicators (KRIs), ensuring leadership has clear visibility into current and emerging risk exposure.
• Produces concise, decision-oriented reporting for executives, risk committees, and the board, highlighting risk levels, treatment progress, and changes over time.
• Ensures risk insights translate into actionable outcomes by aligning findings with remediation plans and business priorities.
  

Innovative

• Evolves risk analysis and reporting practices by incorporating new methodologies, data sources, and analytical techniques.
• Improves how cyber risk is communicated by translating technical and regulatory detail into clear, business-relevant insights.
• Identifies opportunities to enhance risk governance, measurement, and visualization as the organization’s security and compliance maturity grows.
  

Requirements

• Bachelor’s degree in Information Security, Risk Management, Business Analytics, or a related field preferred.
• 3–5 years of experience in cyber risk, governance, compliance, or related security functions.
• Working knowledge of cyber risk frameworks and methodologies such as NIST CSF, ISO 27005, and FAIR or SAFE risk quantification.
• Experience maintaining risk registers, tracking mitigation plans, and supporting risk governance processes.
• Familiarity with regulatory and assurance frameworks such as SOC 2 and PCI, including evidence collection and audit support.
• Hands-on experience with GRC platforms (e.g., Drata, Safebase) and strong analytical skills using tools such as Excel or basic SQL.
• Ability to translate technical and regulatory risk into clear, actionable insights for security leadership and executive stakeholders.
• Strong judgment and decision-making skills, with the ability to evaluate trade-offs between risk, cost, and business impact.
• Demonstrated ability to handle sensitive and confidential information with integrity and professionalism.
• Excellent written and verbal communication skills, with the ability to operate effectively across teams and functions.
• Proven ability to manage multiple priorities, work independently, and deliver results in a fast-paced, evolving environment.
  

InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact jobs@invoicecloud.com.Click

here

to review InvoiceCloud’s Job Applicant Privacy Policy.

For recruitment agencies:

InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.