Senior Risk Analyst

Posted 5 Days Ago
Be an Early Applicant
Hiring Remotely in India
Remote or Hybrid
Senior level
Artificial Intelligence • Fintech • Machine Learning • Natural Language Processing • Business Intelligence
AlphaSense empower professionals to make smarter business decisions with confidence and speed.
The Role
Design, implement, and mature a quantitative-leaning enterprise risk program spanning information security, AI, and operational risk. Own the living risk register, run cross-functional risk identification, leverage AI to monitor and analyze risk, support TPRM, produce executive reporting, and embed risk controls and KRIs into live data sources and workflows.
Summary Generated by Built In
About AlphaSense: 

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role

AlphaSense is maturing its security risk management program and needs a Senior Risk Analyst to be a core builder and operator of that function. You will design, implement, and mature a risk framework that spans information security, AI, and operational risk—building toward a program that is quantitative-leaning, connected to live data sources, and actionable at every altitude from service owner to executive leadership. You will establish risk identification and scoring methodologies, own the enterprise risk register, and produce risk intelligence that drives real decisions. You will also support the TPRM function led by a dedicated TPRM lead, contributing to assessments and risk tracking as needed. You approach this with an AI-native mindset: using AI to monitor threat landscapes, analyze risk data, draft risk narratives, and surface emerging risks faster than a traditional manual program could. The goal is a risk function, not a risk register—one that measures outcomes and reduced exposure, not just activity.This is not a role for someone looking to maintain a program that already exists. AlphaSense is building a risk management discipline that we believe can serve as the blueprint for how AI-era companies measure, communicate, and act on risk. Risk management across the industry is still largely qualitative, reactive, and disconnected from the systems that generate real signal. We intend to change that—and we want someone on this team who shares that ambition and wants to be part of building the model that others will eventually follow.

Key ResponsibilitiesRisk Program Design & Maturation

Design and implement a structured risk management program, including risk taxonomy, scoring methodology, risk appetite statements, and escalation thresholds. Align the program with ISO 27005, NIST RMF, or ISO 31000 as appropriate. This is largely greenfield work—you will help define the architecture and continuously mature the discipline as the company scales.

Risk Register Ownership

Build and maintain the enterprise risk register as a living operational tool, not a compliance artifact. Lead periodic risk identification workshops with business, engineering, and legal stakeholders to surface new and evolving risks. Ensure every risk has a documented owner, risk rating, treatment decision, and remediation timeline—and that the register reflects current reality, not last quarter's snapshot.

AI-Augmented Risk Analysis

Leverage AI tools to monitor threat intelligence, identify patterns across risk data, accelerate risk narrative drafting, and keep the risk register current between formal review cycles. Build AI-assisted workflows that reduce manual risk review burden and surface emerging risks earlier. Apply judgment to validate AI output before it informs a risk decision.

Third-Party & Vendor Risk Support

Support the TPRM function in partnership with the dedicated TPRM lead. Contribute to vendor risk assessments, risk scoring, and finding documentation as needed. Provide risk framework input to ensure third-party risks are consistently rated and tracked in alignment with the broader risk register.

AI & Emerging Technology Risk

Identify and assess AI-related risks including data privacy, model bias, explainability, security misuse, agentic system behavior, and third-party AI dependencies. Support compliance with AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act). Maintain current knowledge of the evolving AI risk landscape and help AlphaSense stay ahead of regulatory and operational risks from AI deployment.

Risk Reporting & Executive Communication

Produce clear, executive-ready risk reports, dashboards, and periodic risk summaries. Translate technical risk findings into business impact language that drives informed decisions at the service owner, leadership, and board levels. Make risk actionable at every altitude—engineers understand their exposure, executives understand portfolio risk.

Cross-Functional Risk Advisory

Provide cross-functional risk and control guidance on process improvements, new technology adoption, post-implementation reviews, and remediation activities. Support stakeholders in interpreting risk requirements and embedding risk management practices into how they build and operate—not as a checkpoint, but as an enabling partner.

What Success Looks Like
  • Security and compliance controls are clearly documented, tested, and consistently implemented—with evidence generated by integrations, not collected by hand
  • Risks and compliance gaps are identified early, tracked with owners, and remediated in partnership with technical teams before auditors find them
  • GRC processes scale alongside platform growth and new customer or regulatory requirements without proportional headcount growth
  • Stakeholders across Engineering, Legal, and Product view the GRC function as a trusted, enabling partner—not a compliance checkpoint
  • AI tools are used deliberately and responsibly: output is validated, sensitive data is protected, and automation creates leverage without introducing new risk
  • The risk register is a live operational tool that reflects current exposure—engineers know their risk posture, executives can explain portfolio risk, and risk scores change when the environment changes
  • Risk reporting is driven by KRIs and live data sources, not manually assembled status updates—leadership has real-time visibility into risk posture
Who You AreBasic Requirements
  • 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
  • Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
  • AI-native mindset: you use AI tools—LLMs, agents, automation—for real, substantive work including analysis, drafting, evidence gathering, and workflow automation. You apply judgment about where AI creates leverage and where a human must stay in the loop
  • Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Familiarity with cloud environments (AWS, Azure, or GCP) and the security and compliance posture tooling that runs on them (CSPM, SIEM, identity platforms)
  • Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
  • Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation that engineers and non-technical stakeholders both understand
  • Working knowledge of risk registers, control libraries, and policy governance lifecycles
  • Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and how they intersect with security controls, in partnership with Legal and Product teams
  • Strong written communication, analytical thinking, and attention to detail; able to produce clear audit responses, risk narratives, and control documentation under deadline
  • 4+ years of hands-on experience in information security risk management or a combined GRC/risk role with responsibility for building or significantly maturing a risk register and scoring methodology
  • Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows—with clear judgment about validating AI output before it informs a decision
  • Proven experience maturing an organization's risk program from qualitative to quantitative risk measurement—including introducing scoring models, KRI frameworks, and data-driven risk reporting that changed how leadership makes risk decisions
  • Experience with data warehousing concepts, KRI development and tracking, and risk reporting pipelines that connect live data sources to dashboards and executive reporting
  • Proficiency with GRC platforms for risk tracking, control testing, and evidence management (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Strong analytical skills: comfort with qualitative and quantitative risk scoring, heat maps, likelihood/impact matrices, and risk appetite articulation
  • Experience producing executive-ready risk reports and translating technical findings into business impact language for non-technical audiences
  • Experience supporting TPRM assessments and contributing to vendor risk documentation in partnership with a dedicated TPRM function
Nice to Have
  • Relevant certifications: CISA, CRISC, CISM, CISSP, CCSK, or ISO 27001 Lead Auditor/Implementer
  • Experience with AI governance frameworks including ISO 42001, NIST AI RMF, EU AI Act, or OECD AI Principles
  • Exposure to SOX ITGC cycles—managing evidence, walkthroughs, and findings with external auditors
  • Privacy program crossover: data mapping, DPIAs, GDPR/CCPA operational compliance
  • Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows
  • Quantitative risk experience: FAIR-style decomposition, Monte Carlo simulation, or loss exceedance analysis applied to real risk decisions—not just theoretical familiarity
  • Experience with AI risk domains: model risk, algorithmic bias, AI system failure modes, agentic system risks, and governance frameworks including NIST AI RMF or ISO 42001
  • Familiarity with risk aggregation and BI tooling (Tableau, Looker, Power BI) for risk dashboarding and executive reporting
  • Background in financial services regulatory risk environments (SOX, FFIEC, or equivalent).

AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination.

In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.

Recruiting Scams and Fraud

We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note:

  • AlphaSense never asks candidates to pay for job applications, equipment, or training.
  • All official communications will come from an @alpha-sense.com email address.
  • If you’re unsure about a job posting or recruiter, verify it on our Careers page.

If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.

Skills Required

  • 6+ years of experience in GRC, information security, risk management, or IT audit (preferably SaaS/cloud-native)
  • 4+ years hands-on experience building or significantly maturing a risk register and scoring methodology
  • Strong understanding of security and compliance frameworks: SOC 2, ISO 27001, NIST CSF 2.0, CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
  • AI-native mindset: practical use of LLMs, agents, and automation for analysis, drafting, evidence gathering, and workflows with human validation
  • Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Familiarity with cloud environments (AWS, Azure, or GCP) and associated security/compliance tooling (CSPM, SIEM, identity platforms)
  • Experience supporting external security or privacy audits, including evidence collection and auditor interactions
  • Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation for technical and non-technical audiences
  • Working knowledge of risk registers, control libraries, and policy governance lifecycles
  • Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and intersections with security controls
  • Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows
  • Proven experience maturing risk programs from qualitative to quantitative measurement, including scoring models, KRI frameworks, and data-driven reporting
  • Experience with data warehousing concepts, KRI development/tracking, and connecting live data sources to dashboards/executive reporting
  • Strong written communication, analytical thinking, and attention to detail; able to produce audit responses and executive-ready risk narratives under deadline
  • Experience supporting TPRM assessments and contributing to vendor risk documentation
  • Relevant certifications (CISA, CRISC, CISM, CISSP, CCSK, ISO 27001 Lead Auditor) or equivalent experience
  • Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows
  • Quantitative risk experience (FAIR decomposition, Monte Carlo, loss exceedance) applied to real decisions
  • Experience with AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act) and AI risk domains
  • Familiarity with BI tooling for dashboarding and executive reporting (Tableau, Looker, Power BI)
  • Exposure to financial services regulatory risk environments (SOX, FFIEC) and SOX ITGC cycles

AlphaSense Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about AlphaSense and has not been reviewed or approved by AlphaSense.

  • Inclusive Benefits Coverage Healthcare offerings include gender-affirming care and unlimited fertility coverage in addition to comprehensive medical options. Mental-health resources and an assistance program are also emphasized.
  • Leave & Time Off Breadth PTO is presented as generous or unlimited in the U.S., with volunteer days and notable parental leave for primary caregivers. These policies indicate flexible time-away support.
  • Strong & Reliable Incentives On-target earnings for several sales functions are positioned as competitive, offering meaningful upside when targets are met.

AlphaSense Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: New York, NY
2,000 Employees
Year Founded: 2011

What We Do

AlphaSense is the AI platform redefining market intelligence and workflow orchestration, trusted by thousands of leading organizations to drive faster, more confident decisions in business and finance. The platform combines domain specific AI with a vast content universe of over 500 million premium business documents — including equity research, earnings calls, expert interviews, filings, news, and internal proprietary content. Purpose-built for speed, accuracy, and enterprise-grade security, AlphaSense helps teams extract critical insights, uncover market-moving trends, and automate complex workflows with high quality outputs. With AI solutions like Generative Search, Generative Grid, and Deep Research, AlphaSense delivers the clarity and depth professionals need to navigate complexity and obtain accurate, real-time information quickly. Headquartered in New York City, AlphaSense employs over 2,000 people across offices in the U.S., U.K., Finland, India, Canada, and Ireland. For more information, please visit www.alpha-sense.com.

Why Work With Us

AlphaSense is shaping how companies make decisions. We're product-driven and customer obsessed in our mission to take decision makers from complexity to clarity. Our culture balances ambition with humility, autonomy with teamwork. With mentorship and real ownership, you’ll have everything you need to keep evolving, personally and professionally.

Gallery

Gallery

Similar Jobs

JumpCloud Logo JumpCloud

Customer Success Manager

Cloud • Information Technology • Security • Software
Easy Apply
In-Office or Remote
Bangalore, Bengaluru, Karnataka, IND
800 Employees

Zscaler Logo Zscaler

Business Systems Analyst

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
India
8697 Employees

Zscaler Logo Zscaler

Business Systems Analyst

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
India
8697 Employees

Nexthink Logo Nexthink

PowerShell Engineer

Artificial Intelligence • Big Data • Cloud • Information Technology • Machine Learning • Software
Remote or Hybrid
Bengaluru, Karnataka, IND
1200 Employees

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account