Risk Analyst

About InvoiceCloud

InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It’s an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.

Job Details

InvoiceCloud is seeking a highly skilled and detail-oriented Risk Analyst to support and advance our Cybersecurity and Enterprise Risk Management programs. This is an individual contributor role responsible for identifying, analyzing, prioritizing, and clearly communicating cyber risk across the organization in a consistent, repeatable, and decision-oriented manner.

The Risk Analyst partners closely with Security, Compliance, Internal Audit, and business stakeholders to maintain accurate risk representation, governance discipline, and audit-ready evidence. This role operates with a high degree of ownership and accountability and carries meaningful enterprise impact through the quality, rigor, and clarity of risk analysis delivered.

Success Profile

At InvoiceCloud, success is anchored in our core competencies. These competencies guide how every employee delivers impact across their role.

Ownership

• Owns the accuracy, completeness, and ongoing maintenance of the cyber risk register, ensuring risks are clearly articulated, prioritized, and current.
• Takes accountability for tracking risk treatment plans, monitoring mitigation progress, and following up with risk owners to drive timely resolution.
• Serves as a trusted point of contact for cyber risk analysis, responding to inquiries from Security, Compliance, Internal Audit, and business stakeholders.
• Handles sensitive risk, regulatory, and audit-related information with integrity, discretion, and strong ethical standards.
  
  

Drives Efficiency

• Establishes structured, repeatable processes for risk identification, assessment, documentation, and reporting to reduce variability and manual effort.
• Maintains and improves risk workflows, governance artifacts, and evidence collection to support audit-ready outcomes across frameworks such as SOC 2 and PCI.
• Coordinates third-party and vendor risk activities efficiently, aligning assessments with procurement and minimizing disruption to internal teams.
• Leverages automation and AI-enabled capabilities within GRC tooling to streamline risk data collection, trend analysis, and reporting cycles.
  
  

Results Driven

• Performs qualitative and quantitative risk assessments aligned to frameworks such as NIST CSF and FAIR or SAFE to surface the most impactful risks.
• Defines, tracks, and trends key risk indicators (KRIs) to provide leadership with clear visibility into current and emerging risk exposure.
• Produces concise, decision-oriented reporting for executives, risk committees, and leadership forums.
• Ensures risk insights translate into actionable outcomes by aligning findings with remediation plans and business priorities.
  
  

Innovative

• Evolves risk analysis and reporting practices by incorporating new methodologies, data sources, and analytical techniques.
• Improves how cyber risk is communicated by translating technical and regulatory detail into clear, business-relevant insights.
• Identifies opportunities to enhance risk governance, measurement, and visualization as organizational maturity increases.
  
  

Requirements

• Bachelor’s degree in Information Security, Risk Management, Business Analytics, or a related field preferred
• 3–5 years of experience in cyber risk, governance, compliance, or related security functions
• Working knowledge of cyber risk frameworks and methodologies such as NIST CSF, ISO 27005, and FAIR or SAFE
• Experience maintaining risk registers, tracking mitigation plans, and supporting risk governance processes
• Familiarity with regulatory and assurance frameworks such as SOC 2 and PCI, including evidence collection and audit support
• Hands-on experience with GRC platforms such as Drata or Safebase
• Strong analytical skills using tools such as Excel; basic SQL experience is a plus
• Proven ability to translate technical and regulatory risk into clear, actionable insights for leadership audiences
• Strong judgment and decision-making skills, including evaluating trade-offs between risk, cost, and business impact
• Demonstrated ability to handle sensitive and confidential information with professionalism and integrity
• Excellent written and verbal communication skills
• Ability to manage multiple priorities, work independently, and deliver results in a fast-paced environment
  
  

InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.

This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.

If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact [email protected].

Click here to review InvoiceCloud’s Job Applicant Privacy Policy.

For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.