Security Risk Analyst

We are seeking a detail-oriented Security Risk Analyst to perform high-volume information security risk assessments following our established InfoSec Risk Management Framework (RMF).

This role demands a disciplined approach to methodology, consistent scoring, and clear communication to ensure accurate risk identification, evaluation, and treatment across internal processes and third-party vendors.

Responsibilities

• Execute comprehensive risk assessments covering products, platforms, processes, and changes using RMF protocols
• Apply standardized scoring metrics to assess likelihood and impact, calculating risk levels accordingly
• Drive decisions on risk treatment, creating actionable plans with assigned owners and target dates
• Record and manage risk acceptance approvals based on predefined escalation criteria
• Update and maintain the Risk Register with current statuses, results, and supporting evidence
• Communicate findings and treatment plans clearly to relevant stakeholders, ensuring traceability
• Schedule and trigger reevaluations when there are changes in assets, threats, or vulnerabilities
• Compile and report metrics such as risk distribution, SLA compliance, and overdue treatments as required
• Support third-party risk management (TPRM) by conducting vendor security assessments during peak volume periods or when needed

Requirements

• 2–5 years of experience in InfoSec risk management, GRC, or audit with a focus on assessment operations
• Familiarity with NIST RMF (SP 800-37), NIST 800-30, and control catalogs such as NIST 800-53; knowledge of ISO 27005 is a plus
• Proficiency in using GRC tools like ServiceNow, Archer, or OneTrust, along with strong spreadsheet skills
• Capability to assess application/service changes, infrastructure, and vendors using structured questionnaires and evidence
• Understanding of risk data analysis through pivot tables, basic charts, and queue monitoring
• Strong written communication skills for generating treatment plans, acceptance memos, and stakeholder updates

We offer

• We gather like-minded people:
  • Engineering community of industry professionals
  • Friendly team and enjoyable working environment
  • Flexible schedule and opportunity to work remotely within Poland
  • Chance to work abroad for up to 60 days annually
  • Business-driven relocation opportunities
• We provide growth opportunities:
  • Outstanding career roadmap
  • Leadership development, career advising, soft skills, and well-being programs
  • Certification (GCP, Azure, AWS)
  • Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
  • English classes
• We cover it all:
  • Stable income (Employment Contract or B2B)
  • Participation in the Employee Stock Purchase Plan
  • Benefits package (health insurance, multisport, shopping vouchers)
  • Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
  • Referral bonuses
  • Corporate, social and well-being events
• Please, note:
  • The set of bonuses might vary based on the role you apply for – specifics will be discussed with our recruiter during the general interview.
  • We will reach out to selected candidates exclusively.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.