
Senior IRM Analyst

Job in Broken Arrow, Tulsa County, Oklahoma, 74011, USA
Listing for: MongoDB
Full Time position
Listed on 2026-06-09
Job specializations:
  • IT/Tech
    Information Security, Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk, and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based remotely in the United States.

Responsibilities

Program Maturity
  • Risk Assessment Methodology Implementation:
    Lead the strategic roadmap to integrate the risk matrix into the risk framework.
  • Regulatory Governance:
    Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls. Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
  • Policy & Procedure Ownership:
    Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization
Operational Execution
  • Experience conducting technical security risk assessments (infrastructure, cloud, application-level), including evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
  • Workflow Orchestration:
    Own the end-to-end risk assessment process
  • Inherent Risk Scoring:
    Validate the team’s application of the Risk Scoring formula. Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
  • Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
  • Ticket Hygiene:
    Actively manage the Jira backlog to prevent "frozen tickets"
Monitoring and Reporting
  • Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
  • Identify risk scenarios for the in-scope assets by working with the asset and risk owners
  • Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
  • Synthesize the analysis into high-quality, Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
  • Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
  • Maintain the Risk Management Dashboard and report on accurate risk metrics
Requirements
  • Professional Experience:
    10+ years of experience in Information Security, Governance, Risk & Compliance (GRC)
  • Hands‑on experience conducting enterprise‑level security risk assessments end‑to‑end, including scoping, threat modeling, control evaluation, and executive reporting
  • Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
  • Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
  • Deep operational understanding of risk assessment methodologies (NIST SP 800‑30) and standard control frameworks (NIST CSF, NIST SP 800‑53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
  • Regulatory Knowledge:
    Comprehens…
Position Requirements
10+ Years work experience