Monday, October 27, 2025

Job Description

We are seeking a detail-oriented Security Risk Analyst to perform high-volume information security risk assessments following our established InfoSec Risk Management Framework (RMF).

This role demands a disciplined approach to methodology, consistent scoring, and clear communication to ensure accurate risk identification, evaluation, and treatment across internal processes and third-party vendors.

Responsibilities

  • Execute comprehensive risk assessments covering products, platforms, processes, and changes using RMF protocols
  • Apply standardized scoring metrics to assess likelihood and impact, calculating risk levels accordingly
  • Drive decisions on risk treatment, creating actionable plans with assigned owners and target dates
  • Record and manage risk acceptance approvals based on predefined escalation criteria
  • Update and maintain the Risk Register with current statuses, results, and supporting evidence
  • Communicate findings and treatment plans clearly to relevant stakeholders, ensuring traceability
  • Schedule and trigger reevaluations when there are changes in assets, threats, or vulnerabilities
  • Compile and report metrics such as risk distribution, SLA compliance, and overdue treatments as required
  • Support third-party risk management (TPRM) by conducting vendor security assessments during peak volume periods or when needed

Requirements

  • 2–5 years of experience in InfoSec risk management, GRC, or audit with a focus on assessment operations
  • Familiarity with NIST RMF (SP 800-37), NIST 800-30, and control catalogs such as NIST 800-53; knowledge of ISO 27005 is a plus
  • Proficiency in using GRC tools like ServiceNow, Archer, or OneTrust, along with strong spreadsheet skills
  • Capability to assess application/service changes, infrastructure, and vendors using structured questionnaires and evidence
  • Understanding of risk data analysis through pivot tables, basic charts, and queue monitoring
  • Strong written communication skills for generating treatment plans, acceptance memos, and stakeholder updates

We offer

We gather like-minded people:

  • Engineering community of industry professionals
  • Friendly team and enjoyable working environment
  • Flexible schedule and opportunity to work remotely within Poland
  • Chance to work abroad for up to 60 days annually
  • Business-driven relocation opportunities

We provide growth opportunities:

  • Outstanding career roadmap
  • Leadership development, career advising, soft skills, and well-being programs
  • Certification (GCP, Azure, AWS)
  • Unlimited access to LinkedIn Learning, Get Abstract, Cloud Guru
  • English classes

We cover it all:

  • Stable income (Employment Contract or B2B)
  • Participation in the Employee Stock Purchase Plan
  • Benefits package (health insurance, multisport, shopping vouchers)
  • Strategically located offices featuring entertainment and relaxation zones, table tennis and football, free snacks, fantastic coffee, and more
  • Referral bonuses
  • Corporate, social and well-being events

Please, note:

  • The set of bonuses might vary based on the role you apply for – specifics will be discussed with our recruiter during the general interview.
  • We will reach out to selected candidates exclusively.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.

Job Application Tips

  • Tailor your resume to highlight relevant experience for this position
  • Write a compelling cover letter that addresses the specific requirements
  • Research the company culture and values before applying
  • Prepare examples of your work that demonstrate your skills
  • Follow up on your application after a reasonable time period
