Key skills
CloudCyber SecurityAILLMAgenticCI/CDRisk ManagementCollaborationRemote Work
About this role
Role Overview
- Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations
- Develop and maintain risk registers, threat models, vulnerability and threat management programs, and risk treatment plans across eight enterprise risk categories
- Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005, ISO 31000, NIST RMF)
- Evaluate third-party vendor security risks and assess supply chain vulnerabilities using structured TPRM frameworks
- Leverage AI tools to accelerate risk identification, analysis, and reporting workflows
- Develop and recommend risk mitigation strategies and security controls
- Collaborate with technical teams to implement security measures and monitor their effectiveness
- Track remediation efforts and verify risk reduction activities via GRC platform integrations
- Create and maintain risk metrics and key risk indicators (KRIs)
- Ensure alignment with regulatory and industry requirements including state-specific gaming regulations (GLI-19, GLI-33, GLI-GSF), ISO 27001, ISO 42001, PCI DSS v4.0, SOC 2, NIST CSF, and GDPR
- Support internal and external audits (Deloitte, Bulletproof, Schellman) by gathering evidence, preparing documentation, and coordinating audit activities
- Maintain security policies, procedures, and risk management frameworks within the IMS
- Contribute to AI governance activities including AI service registry maintenance, Shadow AI detection, and ISO 42001 compliance
- Identify opportunities to extend agentic automation by integrating new MCP servers and APIs into existing AI workflows, reducing manual effort across compliance, audit, and risk operations
- Prepare risk reports and dashboards for management, audit committees, and gaming regulators
- Document risk assessment methodologies and maintain assessment artifacts.
Requirements
- Bachelor's degree in Computer Science, Information Security, Technology Risk Management, or related field
- 3-5 years of experience in cybersecurity risk management, GRC, or IT audit within the technology industry
- Demonstrated experience with risk assessment methodologies and frameworks (ISO 27005, ISO 31000, NIST RMF)
- Knowledge of security controls and their implementation across cloud environments
- Experience with GRC platforms (Vanta experience preferred)
- Practical experience using AI/LLM tools in a professional security or risk management context.
- Demonstrated proficiency with AI coding assistants and agentic AI tools.
- Ability to craft effective prompts and work iteratively with AI to produce high-quality risk assessments, policies, and compliance documentation
- Understanding of AI governance concepts: data classification for AI usage, model training policies, AI risk assessment, and responsible AI principles
- Familiarity with Model Context Protocol (MCP) or similar frameworks for connecting AI agents to external data sources and APIs.
Tech Stack
- Cloud
- Cyber Security
Benefits
- Flexible vacation allowance.
- Remote or Hybrid Flexibility : Enjoy the flexibility of remote work, with opportunities for in-person collaboration at our Austin or Florida headquarters, or a hybrid arrangement.
- Innovative Environment: Join a team that thrives on pushing boundaries.
- Growth Opportunities: As we scale, your role will evolve, providing you with unlimited opportunities for personal and professional growth.
- Diverse and Inclusive: Join a team that values diversity, inclusivity, and embraces varied perspectives.