Staff Cybersecurity Analyst, Risk Management

Rivian
Atlanta, US
On-site

Job Description

About Rivian

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.

As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.

Role Summary

The Cybersecurity Analyst – Risk Management is a mid-career individual contributor supporting Rivian’s cybersecurity risk management practice. This role involves day-to-day management of cybersecurity risks, monitoring key risk indicators (KRIs), and facilitating risk discussions with technology and business stakeholders.

The analyst will leverage Rivian’s risk platforms and AI-enabled tooling to improve efficiency, transparency, and defensibility of risk decisions. This role sits within Enterprise Cybersecurity on the Cybersecurity Risk Management team and partners closely with the Cyber Third-Party Risk Management (TPRM) lead, security engineering teams, and other functions.

Responsibilities

  • Risk Register Ownership: Maintain and continuously improve the cybersecurity and crown-jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current.
  • Track risk status from identification through treatment and closure, including documenting decisions, owners, due dates, dependencies, and evidence.
  • Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture.
  • Meet regularly with risk owners and functional leaders to gather updates, validate assumptions, and align on risk treatment plans and progress.
  • Evaluate how risks propagate across systems, suppliers, processes, and programs; surface second-order and cascading impacts in risk narratives and dashboards.
  • Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier-driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment.
  • Help facilitate workshops and review sessions with business and technology leaders to clarify risk scenarios, tradeoffs, and treatment options.
  • Use Rivian’s risk platform and AI-enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication.
  • Maintain and evolve a Cybersecurity Risk Dashboard that provides an accurate, near real-time view of key risks, KRIs, and trends for leadership and governance forums.
  • Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices.
  • Identify gaps and friction in current risk processes and propose practical improvements to increase clarity, adoption, and impact.

Qualifications

Minimum Qualifications

  • 5+ years of combined experience in cybersecurity, technology risk, enterprise risk management, or related fields.
  • At least 3 years with primary responsibility for leading or owning a risk management function, program, or risk domain within an organization.
  • Hands-on experience maintaining and operating risk registers and risk management tooling, including GRC, IRM, or dedicated risk platforms.
  • Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001, including risk assessment/treatment concepts and control alignment.
  • Demonstrated ability to influence risk treatment decisions, not just document them, by framing options, tradeoffs, and business impact for stakeholders.
  • Strong analytical and quantitative risk skills, including building KRIs, basic risk modeling, scenario comparison, and trend analysis.
  • High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation to improve risk processes.
  • Excellent written and verbal communication skills with the ability to translate complex technical risks into concise, business-relevant narratives.
  • Proven ability to work cross-functionally, build trust with stakeholders, and facilitate productive discussions in ambiguous situations.

Preferred Qualifications

  • Experience with modern GRC/IRM or dedicated risk platforms and building risk dashboards for security leadership.
  • Professional certifications such as CRISC, PMI-RMP, CISM, or similar.
  • Experience in fast-paced, high-growth environments such as technology, automotive, or manufacturing, where speed, agility, and rigor are required.

Pay Disclosure

The salary range for this role is $140,600 to $186,360 for Georgia based applicants. This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s po

Skills & Requirements

Technical Skills

Cybersecurity risk managementRisk registersRisk management toolingGrcIrmNist csfIso 27001Risk dashboardsRisk discussions facilitationRisk treatment plans alignmentRisk scenarios clarificationRisk tradeoffs evaluationCriscPmi-rmpCismCybersecurityRisk management

Salary

$140,600 - $186,360

year

Employment Type

FULL TIME

Level

senior

Posted

5/8/2026

Apply Now

You will be redirected to Rivian's application portal.

Sign in and we'll score your resume against this role.

Find Similar Jobs

Browse roles in the same category, level, and remote setup.

Sign in to open the target role workbench.