Security Risk Specialist

• Perform comprehensive risk assessments aligned with Avalara s risk management framework and develop actionable remediation plans.
• Analyze and identify risks across technical environments, with a focus on application design, software architecture, and security tooling configurations.
• Drive the identification, management, and mitigation of risks within security infrastructure and technical control implementations.
• Collaborate with cross-functional teams, including system owners, developers, and architects, to integrate risk management practices into the development lifecycle.
• Ensure risk and compliance controls are executed consistently and effectively across teams and within defined SLAs.
• Coordinate the documentation and migration of control information into Avalara s GRC platform.
• Maintain high standards of execution, coordination, and quality control across assigned risk and compliance initiatives.
• Proactively engage on multiple simultaneous projects with internal and external stakeholders to support strategic security and compliance objectives.
• Assist with the performance of ad hoc risk and compliance assessments as needed.

What Youll Need to be Successful

• Bachelor s degree in Information Technology, Computer Science, or equivalent experience.
• 3+ years of experience in IT Audit, IT Security, or IT Risk Management.
• Proven experience conducting systemic risk analysis in complex technical environments, including reviewing application design and architecture.
• Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST, etc.
• Strong understanding of application security principles, including the ability to assess risk through code and design review processes.
• Deep knowledge of technical controls, including their design, implementation, and effectiveness.
• Experience working with business continuity, disaster recovery, vendor risk management, data privacy, and regulatory compliance.
• Skilled in identifying business risks and evaluating trade-offs between technical and business objectives.
• Experience with risk management platforms (e.g., ServiceNow GRC) is a plus.
• Highly self-motivated, proactive, and capable of managing concurrent priorities with minimal supervision.
• Strong organizational, planning, verbal, and written communication skills.