Information Security Risk and Governance Analyst

Richmond, VA, United States

Applications have closed

CapTech Consulting

CapTech is a technology consulting firm focused on defining and delivering what’s next for organizations.

View company page

Company Description

CapTech is an award-winning consulting firm that collaborates with clients to achieve what’s possible through the power of technology. At CapTech, we’re passionate about the work we do and the results we achieve for our clients. From the outset, our founders shared a collective passion to create a consultancy centered on strong relationships that would stand the test of time. Today we work alongside clients that include Fortune 100 companies, mid-sized enterprises, and government agencies, a list that spans across the country. 

Job Description

The Information Security Risk and Governance Sr. Specialist will be responsible for identifying, assessing, and managing cybersecurity risks associated with third-party relationships; both as the third-party as well as the first-party. This individual will assist in the development and implementation of the organization's third-party risk management strategy and be responsible for ensuring that the cybersecurity controls and practices of internal and external partners align with CapTech's risk management standards.

  • Assist in the development and adoption of a Third-Party Risk Management framework, policy, process, and associated technology to comply with SOC II requirements
  • Execute technical risk evaluations of third-party vendors, tools, and services (performing Information Security due diligence on vendors) in accordance with SOC II requirements
  • Make recommendations on how to enhance the security of third-party tools and services based on results from technical risk assessments
  • Effectively communicate technical risk in non-technical terminology to inform business decisions
  • Prioritize risk remediation efforts based on criticality of risk and service-level agreements (SLA)
  • Assist in the remediation of Information Security Risks (including negotiating compensating controls and SLA's with stakeholders)
  • Provide answers and guidance for information security questionnaires received from third-parties
  • Assess the technology risks associated with new subcontractor relationships and make recommendations on possible risk mitigation options
  • Collaborate with contract negotiation and business development teams to ensure technical controls align with Request for Proposals (RFP) and agreed upon contract terms
  • Performing a site visit to a third-party facility if required
  • Creating technical and Executive level reports on the effectiveness of Information Security controls


  • Working understanding of SOC II, NIST 800-53, and ISO 27001 or similar frameworks required
  • Excellent oral and written communication ability, especially for communicating technical risk in non-technical terms
  • Strong knowledge of the Microsoft Office suite of tools
  • Strong problem-solving, analytical, and critical thinking skills
  • Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), Security+, or agreed certificate to be attained within agreed timeframe, or other relevant certifications preferred
  • Any prior experience with vendor management or third-party risk assessments is strongly preferred
  • Any knowledge of Information Security best practices related to Vulnerability Management, Identity and Access Management, Network Architecture, Policy review, and Risk Assessments is preferred

Additional Information

We want everyone at CapTech to be able to envision a lasting and rewarding career here, which is why we offer a variety of career paths based on your skills and passions.  You decide where and how you want to develop, and we help get you there with customizable career progression and a comprehensive benefits package to support you along the way.  Alongside our suite of traditional benefits encompassing generous PTO, health coverage, disability insurance, paid family leave and more, we’ve launched extended benefits to help meet our employees’ needs. 

  • CapFlex – Employee-first mentality that supports a remote and hybrid workforce and empowers daily flexibility while servicing our clients
  • Learning & Development – Programs offering certification and tuition support, digital on-demand learning courses, mentorship, and skill development paths
  • Modern Health –A mental health and well-being platform that provides 1:1 care, group support sessions, and self-serve resources to support employees and their families through life’s ups and downs
  • Carrot Fertility –Inclusive fertility and family-forming coverage for all paths to parenthood – including adoption, surrogacy, fertility treatments, pregnancy, and more – and opportunities for employer-sponsored funds to help pay for care
  • Fringe –A company paid stipend program for personalized lifestyle benefits, allowing employees to choose benefits that matter most to them – ranging from vendors like Netflix, Spotify, and GrubHub to services like student loan repayment, travel, fitness, and more
  • Employee Resource Groups – Employee-led committees that embrace and incorporate diversity and inclusion into our day-to-day operations
  • Philanthropic Partnerships – Opportunities to engage in partnerships and pro-bono projects that support our communities. 
  • 401(k) Matching – Generous matching and no vesting period to help you continue to build financial wellness

CapTech is an equal opportunity employer committed to fostering a culture of equality, inclusion and fairness — each foundational to our core values.  We strive to create a diverse environment where each employee is encouraged to bring their unique ideas, backgrounds and experiences to the workplace. For more information about our Diversity, Inclusion and Belonging efforts, click HERE

At this time, CapTech cannot transfer nor sponsor a work visa for this position. Applicants must be authorized to work directly for any employer in the United States without visa sponsorship.  


* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: CISA Governance IAM ISO 27001 NIST Risk assessment Risk management SOC SSCP Strategy Vendor management Vulnerability management

Perks/benefits: Career development Fertility benefits Health care Home office stipend Insurance Wellness

Region: North America
Country: United States
Job stats:  19  4  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.