← back to jobs
> job detail
A
📊Analyst

Senior Risk Analyst

AlphaSense ¡ Remote - India
// classified as
Analyst (Dashboards, reporting, ad-hoc analysis.)
posted
1d ago
location
Remote - India
languages
javascript, python
tools
aws, azure, looker
> stack
javascriptpythonawsazurelookertableau
> description
<div class="content-intro"><h2><strong>About AlphaSense:&nbsp;</strong></h2> <p style="text-align: justify;"><span style="font-size: 12pt;">The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content. </span></p> <p style="text-align: justify;"><span style="font-size: 12pt;">The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&amp;P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!</span></p></div><h3>About the Role</h3> <p>AlphaSense is maturing its security risk management program and needs a Senior Risk Analyst to be a core builder and operator of that function. You will design, implement, and mature a risk framework that spans information security, AI, and operational risk—building toward a program that is quantitative-leaning, connected to live data sources, and actionable at every altitude from service owner to executive leadership. You will establish risk identification and scoring methodologies, own the enterprise risk register, and produce risk intelligence that drives real decisions. You will also support the TPRM function led by a dedicated TPRM lead, contributing to assessments and risk tracking as needed. You approach this with an AI-native mindset: using AI to monitor threat landscapes, analyze risk data, draft risk narratives, and surface emerging risks faster than a traditional manual program could. The goal is a risk function, not a risk register—one that measures outcomes and reduced exposure, not just activity.This is not a role for someone looking to maintain a program that already exists. AlphaSense is building a risk management discipline that we believe can serve as the blueprint for how AI-era companies measure, communicate, and act on risk. Risk management across the industry is still largely qualitative, reactive, and disconnected from the systems that generate real signal. We intend to change that—and we want someone on this team who shares that ambition and wants to be part of building the model that others will eventually follow.</p> <h3>Key Responsibilities</h3> <table style="border-collapse: collapse; border-color: black; border-style: solid;" border="1"> <tbody> <tr> <td style="border-color: black;"> <h4><strong>Risk Program Design &amp; Maturation</strong></h4> </td> <td style="border-color: black;"> <p>Design and implement a structured risk management program, including risk taxonomy, scoring methodology, risk appetite statements, and escalation thresholds. Align the program with ISO 27005, NIST RMF, or ISO 31000 as appropriate. This is largely greenfield work—you will help define the architecture and continuously mature the discipline as the company scales.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>Risk Register Ownership</strong></h4> </td> <td style="border-color: black;"> <p>Build and maintain the enterprise risk register as a living operational tool, not a compliance artifact. Lead periodic risk identification workshops with business, engineering, and legal stakeholders to surface new and evolving risks. Ensure every risk has a documented owner, risk rating, treatment decision, and remediation timeline—and that the register reflects current reality, not last quarter's snapshot.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>AI-Augmented Risk Analysis</strong></h4> </td> <td style="border-color: black;"> <p>Leverage AI tools to monitor threat intelligence, identify patterns across risk data, accelerate risk narrative drafting, and keep the risk register current between formal review cycles. Build AI-assisted workflows that reduce manual risk review burden and surface emerging risks earlier. Apply judgment to validate AI output before it informs a risk decision.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>Third-Party &amp; Vendor Risk Support</strong></h4> </td> <td style="border-color: black;"> <p>Support the TPRM function in partnership with the dedicated TPRM lead. Contribute to vendor risk assessments, risk scoring, and finding documentation as needed. Provide risk framework input to ensure third-party risks are consistently rated and tracked in alignment with the broader risk register.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>AI &amp; Emerging Technology Risk</strong></h4> </td> <td style="border-color: black;"> <p>Identify and assess AI-related risks including data privacy, model bias, explainability, security misuse, agentic system behavior, and third-party AI dependencies. Support compliance with AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act). Maintain current knowledge of the evolving AI risk landscape and help AlphaSense stay ahead of regulatory and operational risks from AI deployment.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>Risk Reporting &amp; Executive Communication</strong></h4> </td> <td style="border-color: black;"> <p>Produce clear, executive-ready risk reports, dashboards, and periodic risk summaries. Translate technical risk findings into business impact language that drives informed decisions at the service owner, leadership, and board levels. Make risk actionable at every altitude—engineers understand their exposure, executives understand portfolio risk.</p> </td> </tr> <tr> <td style="border-color: black;"> <h4><strong>Cross-Functional Risk Advisory</strong></h4> </td> <td style="border-color: black;"> <p>Provide cross-functional risk and control guidance on process improvements, new technology adoption, post-implementation reviews, and remediation activities. Support stakeholders in interpreting risk requirements and embedding risk management practices into how they build and operate—not as a checkpoint, but as an enabling partner.</p> </td> </tr> </tbody> </table> <h3>What Success Looks Like</h3> <ul> <li>Security and compliance controls are clearly documented, tested, and consistently implemented—with evidence generated by integrations, not collected by hand</li> <li>Risks and compliance gaps are identified early, tracked with owners, and remediated in partnership with technical teams before auditors find them</li> <li>GRC processes scale alongside platform growth and new customer or regulatory requirements without proportional headcount growth</li> <li>Stakeholders across Engineering, Legal, and Product view the GRC function as a trusted, enabling partner—not a compliance checkpoint</li> <li>AI tools are used deliberately and responsibly: output is validated, sensitive data is protected, and automation creates leverage without introducing new risk</li> <li>The risk register is a live operational tool that reflects current exposure—engineers know their risk posture, executives can explain portfolio risk, and risk scores change when the environment changes</li> <li>Risk reporting is driven by KRIs and live data sources, not manually assembled status updates—leadership has real-time visibility into risk posture</li> </ul> <h3>Who You Are</h3> <h4>Basic Requirements</h4> <ul> <li>6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment</li> <li>Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF</li> <li>AI-native mindset: you use AI tools—LLMs, agents, automation—for real, substantive work including analysis, drafting, evidence gathering, and workflow automation. You apply judgment about where AI creates leverage and where a human must stay in the loop</li> <li>Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)</li> <li>Familiarity with cloud environments (AWS, Azure, or GCP) and the security and compliance posture tooling that runs on them (CSPM, SIEM, identity platforms)</li> <li>Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction</li> <li>Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation that engineers and non-technical stakeholders both understand</li> <li>Working knowledge of risk registers, control libraries, and policy governance lifecycles</li> <li>Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and how they intersect with security controls, in partnership with Legal and Product teams</li> <li>Strong written communication, analytical thinking, and attention to detail; able to produce clear audit responses, risk narratives, and control documentation under deadline</li> <li>4+ years of hands-on experience in information security risk management or a combined GRC/risk role with responsibility for building or significantly maturing a risk register and scoring methodology</li> <li>Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows—with clear judgment about validating AI output before it informs a decision</li> <li>Proven experience maturing an organization's risk program from qualitative to quantitative risk measurement—including introducing scoring models, KRI frameworks, and data-driven risk reporting that changed how leadership makes risk decisions</li> <li>Experience with data warehousing concepts, KRI development and tracking, and risk reporting pipelines that connect live data sources to dashboards and executive reporting</li> <li>Proficiency with GRC platforms for risk tracking, control testing, and evidence management (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)</li> <li>Strong analytical skills: comfort with qualitative and quantitative risk scoring, heat maps, likelihood/impact matrices, and risk appetite articulation</li> <li>Experience producing executive-ready risk reports and translating technical findings into business impact language for non-technical audiences</li> <li>Experience supporting TPRM assessments and contributing to vendor risk documentation in partnership with a dedicated TPRM function</li> </ul> <h4>Nice to Have</h4> <ul> <li>Relevant certifications: CISA, CRISC, CISM, CISSP, CCSK, or ISO 27001 Lead Auditor/Implementer</li> <li>Experience with AI governance frameworks including ISO 42001, NIST AI RMF, EU AI Act, or OECD AI Principles</li> <li>Exposure to SOX ITGC cycles—managing evidence, walkthroughs, and findings with external auditors</li> <li>Privacy program crossover: data mapping, DPIAs, GDPR/CCPA operational compliance</li> <li>Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows</li> <li>Quantitative risk experience: FAIR-style decomposition, Monte Carlo simulation, or loss exceedance analysis applied to real risk decisions—not just theoretical familiarity</li> <li>Experience with AI risk domains: model risk, algorithmic bias, AI system failure modes, agentic system risks, and governance frameworks including NIST AI RMF or ISO 42001</li> <li>Familiarity with risk aggregation and BI tooling (Tableau, Looker, Power BI) for risk dashboarding and executive reporting</li> <li>Background in financial services regulatory risk environments (SOX, FFIEC, or equivalent).</li> </ul><div class="content-conclusion"><p><span style="font-size: 12pt;">AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination.</span></p> <p><span style="font-size: 12pt;">In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.</span></p> <p><span style="font-size: 12pt;"><span style="text-decoration: underline;">Recruiting Scams and Fraud</span></span></p> <p><span style="font-size: 12pt;">We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note:</span></p> <ul> <li style="font-size: 12pt;"><span style="font-size: 12pt;">AlphaSense never asks candidates to pay for job applications, equipment, or training.</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">All official communications will come from an @<a href="http://alpha-sense.com/" target="_blank" data-saferedirecturl="https://www.google.com/url?q=http://alpha-sense.com/&amp;source=gmail&amp;ust=1740162734907000&amp;usg=AOvVaw2sfhQUZloRzVpQ4Yj1Ftlo">alpha-sense.com</a>&nbsp;email address.</span></li> <li style="font-size: 12pt;"><span style="font-size: 12pt;">If you’re unsure about a job posting or recruiter, verify it on our&nbsp;<a href="https://www.alpha-sense.com/careers/" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://www.alpha-sense.com/careers/&amp;source=gmail&amp;ust=1740162734907000&amp;usg=AOvVaw3I0CFwb1ser7ImCRD48YOl">Careers page</a>.</span></li> </ul> <p><span style="font-size: 12pt;">If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.</span></p></div>