[Remote] IRM Analyst

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. MongoDB is a leading database platform empowering customers to innovate rapidly. The IRM Analyst is responsible for the daily execution of the internal risk program, ensuring effective risk assessments and management to provide leadership with a clear view of enterprise risks.

Responsibilities

- Execute risk assessments under senior guidance - perform scoping, inherent risk scoring, control assessment, and residual risk calculation using established methodology
- Conduct risk identification intake: manage the flow of requests from Jira Service Desk and the Issue Intake Tracker, review incoming submissions against entry criteria, assign Risk IDs, and replicate validated risks into the Risk Register
- Act as the Triage Officer for incoming risk submissions: determine whether submissions represent strategic risks, operational issues, or duplicates. Filter noise to focus the team on signals
- Develop risk scenarios for in-scope assets by working with asset owners and risk owners: identify threat communities, threat events, and impact categories
- Draft Risk Assessment Memos that tell a cohesive story from risk statement to risk rating to actionable recommendation. Progressively build toward independently authored memos that require minimal review notes
- Monitor and flag emerging risk signals, including AI-related risks (model integrity, data poisoning, shadow AI, third-party AI dependencies), and escalate with documented analysis for integration into the risk framework
- Identify and document controls that mitigate assessed risks: map controls to specific risk scenarios and applicable framework requirements (NIST SP 800-53, ISO 27001, SOC 2)
- Assess the design adequacy of controls: evaluate whether each control is appropriately designed to address the risk it is mapped to, and document findings with supporting rationale
- Assess the operating effectiveness of controls: collect and evaluate evidence to determine whether controls are functioning as designed over the assessment period, and document results
- Document control gaps and support remediation tracking: maintain clear records of where controls are missing, partially effective, or require compensating controls. Track remediation progress
- Maintain control-to-framework mappings to ensure risk assessment outputs directly support audit and certification evidence packages (FedRAMP, SOC 2, ISO 27001, PCI-DSS)
- Apply the established risk taxonomy and categorization methodology consistently across all assessed risks
- Process risk acceptance requests in Jira: validate completeness, ensure documented context and stakeholder sign-off, confirm time-bound conditions, and flag concerns to the Senior lead
- Maintain the Risk Register, risk inventory, and supporting trackers with obsessive attention to data integrity: no missing dates, undefined owners, or stale entries. A Risk Register with governance gaps is a program failure
- Contribute to KRI data collection and dashboard inputs: support accurate, timely reporting that feeds executive risk dashboards and governance forum materials
- Engage directly with technical stakeholders (engineering, product, infrastructure teams) during risk assessments: ask informed questions, gather evidence, and document findings
- Progressively build the technical fluency to lead stakeholder conversations independently: develop working proficiency in cloud-native architectures, SaaS security models, and common technical controls (IAM, encryption, network segmentation, logging/monitoring)
- Translate technical findings into clear, business-relevant risk language in all written work products
- Support drafting and maintaining risk procedures, guidelines, and assessment templates across the IRM program scope
- Execute governance hygiene: data quality, tracker maintenance, workflow adherence, evidence organization, and documentation standards
- Manage the risk assessment pipeline in Jira: create and maintain workflows and dashboards, and use JQL to track the assessment ticket lifecycle

Skills

- 3–5 years of experience in Information Security, Governance, Risk, and Compliance (GRC), or Enterprise Risk Management
- Experience performing risk assessments — including risk identification, inherent/residual risk scoring, and documentation of findings
- Experience identifying, documenting, and evaluating controls — including assessment of design adequacy and operating effectiveness
- Strong working knowledge of NIST CSF, NIST SP 800-30/39/53, and ISO/IEC 27005 — ability to use these frameworks as a library of controls and risk guidance
- Advanced proficiency in Excel/Google Sheets (pivot tables, VLOOKUP, complex formulas) for risk data analysis and reporting
- Jira proficiency — managing projects, creating workflows and dashboards, and using JQL
- Ability to write clear, concise, and defensible Risk Assessment Memos
- Obsessive attention to detail regarding data integrity and documentation quality
- Foundational understanding of cloud-native architectures and common technical controls (IAM, encryption, logging/monitoring, network segmentation) — with a commitment to building deeper technical fluency
- Awareness of AI risk concepts and willingness to develop expertise in emerging AI risk and regulatory landscape
- A strong track record of collaborating effectively across teams and levels
- Bachelor's degree in Cybersecurity, Information Systems, Business Administration, or a related field
- Certifications: At least one of the following certifications is required - CRISC, CISM, CISSP, or CISA

Benefits

- Equity
- Participation in the employee stock purchase program
- Flexible paid time off
- 20 weeks fully-paid gender-neutral parental leave
- Fertility and adoption assistance
- 401(k) plan
- Mental health counseling
- Access to transgender-inclusive health insurance coverage
- Health benefits offerings

Company Overview

MongoDB is a global database software company offering NoSQL, cloud database, and AI-ready data platform. It was founded in 2007, and is headquartered in New York, New York, USA, with a workforce of 5001-10000 employees. Its website is https://www.mongodb.com.

Company H1B Sponsorship

MongoDB has a track record of offering H1B sponsorships, with 15 in 2026, 153 in 2025, 149 in 2024, 133 in 2023, 79 in 2022, 51 in 2021, 30 in 2020. Please note that this does not guarantee sponsorship for this specific role.
