Information Security Risk Analyst

Remote Full-time
Your Impact

The Information Security Risk Analyst is responsible for identifying, assessing, tracking, and communicating information security risks across the organization. This role supports a maturing cybersecurity program by managing acceptable enterprise and third-party risks and leading security training initiatives.

About CivicPlus

At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

What You’ll Do

As an InfoSec Risk Analyst, you will:
• Identify and translate inherent and residual risk through likelihood, impact, treatment plans, and ownership.
• Define and track risk and awareness key metrics to measure program effectiveness and communicate to leadership and governance committees.
• Conduct and manage enterprise information security risk assessment through recognized frameworks (including NIST 800-30) and maintain an information security risk register.
• Lead third-party security risk assessments for vendors, partners, and service providers through analysis of assurance documentation, security testing summaries, and security questionnaires.
• Maintain the information security risk register and third-party vendor risk inventory to track and monitor ongoing risks and approved exceptions.
• Develop and lead enterprise security awareness training, including phishing simulations and targeted role-based training for security education and reporting.
• Support internal and external security and compliance assessments through risk evidence and documentation.
• Partner closely with organizational functions and key stakeholders to understand and address organizational risks across systems and processes, and ensure security risks are understood, prioritized, and treated in alignment with organizational risk appetite.

What We’re Looking For

We know that excellent candidates come from diverse backgrounds. Even if you don’t meet 100% of the listed requirements, we encourage you to apply!

Preferred Qualifications:

Experience
• 4 – 6 Years of experience in information security, cybersecurity, risk management, or related field
• Working experience managing enterprise/third-party risk assessments, risk registers, and security training programs.
• Working experience supporting compliance audits and certifications, including NIST 800-53 (FedRAMP/GovRAMP), ISO 27001, PCI, and/or SOC 2

Certifications
• Security+, GSEC, or equivalent
• Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Risk Management, or a related field (preferred)

Skills
• Strong understanding of cybersecurity risk management principles and methodologies (such as NIST 800-30), modern security control frameworks (such as NIST 800-53), and Cloud / SaaS risk management and considerations (AWS, Azure, GCP)
• Ability to translate and communicate technical risks into clear business impact for non-technical stakeholders, including metrics (KPIs/KRIs) reporting and presentation
• Development of risk management and assessment policy and procedure documentation
• Inquisitive mindset for continuous monitoring and improvement within a mature security program

Why CivicPlus?

This role offers:
• Shape how security risk is managed across CivicPlus. Identify, assess, and guide the treatment of enterprise and third-party risks that impact our platforms and customers.
• Turn complex security risk into clear business insight. Partner with leaders across the organization to translate technical risk into actionable decisions.
• Build a stronger security culture. Lead enterprise security awareness initiatives, including phishing simulations and role-based training that help employees stay ahead of threats.
• Contribute to a growing cybersecurity program. Help mature risk management practices, frameworks, and reporting that strengthen CivicPlus’ overall security posture.

Compensation and Benefits
• Estimated Salary Grade Range: $70,300 - $101,300
• Anticipated Hiring Range: $70,000 - $80,000
• The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and is based on a 40-hour work week.
• Benefits: Comprehensive health insurance, dental insurance, vision insurance, Flexible Time Off, 401(k) plan, and more.

Our Hiring Process
• Introductory call with Talent Acquisition
• Interview with the Hiring Manager
• Interviews with Team Leadership (may include multiple conversations)
• Offer

Note: The process may vary slightly depending on the role.

Additional Information
• CivicPlus is currently unable to provide visa sponsorship for this position now or in the future. Applicants must be authorized to work in the US.
• We encourage you to apply as soon as possible, as applications will be reviewed on a rolling basis, and the posting may close earlier at the discretion of the Talent Acquisition team

Equal Opportunity Commitment

CivicPlus is proud to be an Equal Employment Opportunity employer. We celebrate and support diversity for the benefit of our employees, products, clients, and communities. Reasonable accommodations are available during the interview process.
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

**Experienced Full Stack Data Entry Specialist – Remote Database Management for blithequark**

Remote

Senior Manual Ethical Hacker

Remote

Experienced Customer Service Representative – Remote Live Chat Agent for Flexible and Dynamic Airline Environment

Remote

Production Planner (6 Month Fixed-Term Contract)

Remote

NEW JOB OPENING SENIOR IS BUSINESS INTELLIGENCE ANALYST IN REMOTE, USA!

Remote

Remote Web Chat Associate

Remote

Online Amazon Work At Home ? No Experience Needed (Join Our Team)

Remote

[Remote Part-time jobs] American Express Virtual Assistant Job Work From Home

Remote

Remote Part‑Time Digital Chat Moderator – Community Engagement & Safety Specialist (Flexible Schedule, $25‑$35/hr)

Remote

Senior Data Analyst (Remote)

Remote
← Back