Cybersecurity Analyst, Risk Management

About Rivian

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions‑free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract. We constantly challenge what’s possible, reframing old problems and seeking new solutions. Our diverse team shares a love of the outdoors and a desire to protect it for future generations.

The Cybersecurity Analyst – Risk Management is an individual‑contributor role supporting Rivian’s cybersecurity risk management practice. The analyst manages day‑to‑day cybersecurity risks, monitors key risk indicators (KRIs), and facilitates risk discussions with technology and business stakeholders. This position sits within Enterprise Cybersecurity on the Risk Management team and partners with the Cyber Third‑Party Risk Management lead, security engineering teams, and other functions.

• Risk Register Ownership:
  Maintain and continuously improve the cybersecurity and crown‑jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current.
• Track risk status from identification through treatment and closure, including documenting decisions, owners, due dates, dependencies, and evidence.
• Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture.
• Meet regularly with risk owners and functional leaders to gather updates, validate assumptions, and align on risk treatment plans and progress.
• Evaluate how risks propagate across systems, suppliers, processes, and programs; surface second‑order and cascading impacts in risk narratives and dashboards.
• Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier‑driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment.
• Help facilitate workshops and review sessions with business and technology leaders to clarify risk scenarios, trade‑offs, and treatment options.
• Use Rivian’s risk platform and AI‑enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication.
• Maintain and evolve a Cybersecurity Risk Dashboard that provides an accurate, near‑real‑time view of key risks, KRIs, and trends for leadership and governance forums.
• Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices.
• Identify gaps and friction in current risk processes and propose practical improvements to increase clarity, adoption, and impact.

• 5+ years of combined experience in cybersecurity, technology risk, enterprise risk management, or related fields.
• At least 3 years with primary responsibility for leading or owning a risk management function, program, or risk domain within an organization.
• Hands‑on experience maintaining and operating risk registers and risk management tooling, including GRC, IRM, or dedicated risk platforms.
• Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001, including risk assessment/treatment concepts and control alignment.
• Demonstrated ability to influence risk treatment decisions, not just document them, by framing options, trade‑offs, and business impact for stakeholders.
• Strong analytical and quantitative risk skills, including building KRIs, basic risk modeling, scenario comparison, and trend analysis.
• High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation to improve risk processes.
• Excellent written and verbal communication skills with the ability to translate complex technical risks into concise, business‑relevant narratives.
• Proven ability to work cross‑functionally, build trust with stakeholders, and facilitate productive discussions in ambiguous situations.

• Experience with modern GRC/IRM or dedicated risk platforms and building risk dashboards for security leadership.
• Professional…