Senior Security Risk Management Analyst

Role overview

Rubrik is hiring an experienced Senior Security Risk Management Analyst to join its Third-Party/Vendor Risk Assessment function in Ireland or the United Kingdom. This is a full-time role centered on evaluating and managing the security, compliance, and resilience risks that come with working with vendors, service providers, and other third parties. The position also contributes to broader cybersecurity risk initiatives and requires strong collaboration across teams.

What you will do

• Own and perform detailed assessments of both new and current third-party vendors and service providers, with emphasis on cybersecurity and regulatory obligations.
• Review vendor security questionnaires, independent audit evidence, and assurance documents such as SOC 2 and ISO 27001 reports.
• Work with vendors to collect, validate, and track security controls, corrective actions, and compliance status.
• Drive follow-through on remediation actions agreed with suppliers and help ensure issues are closed within expected timelines.
• Support supplier contract discussions by reviewing security-related exceptions and advising on remediation requirements.
• Assign vendors to appropriate risk tiers and keep vendor risk records accurate and up to date.
• Take part in ongoing monitoring of suppliers so shifts in their risk posture are identified early.
• Work closely with Procurement, Legal, Privacy, and Information Security partners to improve supplier security governance processes.
• Look for ways to streamline and automate parts of the assessment workflow to reduce manual effort and improve efficiency.
• Stay current on new threats, industry practices, and regulatory expectations that affect third-party risk management.
• Guide and support contractors and junior colleagues while helping maintain a cooperative team culture.

What we are looking for

• A bachelor’s degree in Computer Science, Information Security, Cybersecurity, Risk Management, or a closely related discipline.
• 6 to 8 years of professional experience in third-party risk assessment, cybersecurity risk, or information risk management.
• Practical knowledge of security and compliance frameworks and requirements such as ISO 27001/2, ISO 27017, ISO 27018, FedRAMP, SOC 2 Trust Services Criteria, PCI DSS, and NIST CSF.
• Strong grasp of risk assessment methods and established best practices.
• Ability to explain complex risk findings clearly to both technical and non-technical stakeholders.
• A detail-focused, process-oriented approach with the ability to manage several vendor reviews at the same time.
• Experience with tools like Coupa, OneTrust, JIRA, and Coverbase is an advantage.
• Professional certifications such as CISA, CISM, CISSP, or CRISC are considered a plus.

About Rubrik

Rubrik is a fast-growing company in Silicon Valley focused on modern data protection and management for the multi-cloud era. The company provides a unified platform for protecting and managing data across cloud, edge, and on-premises environments. Its solutions help enterprises simplify backup and recovery, speed up cloud adoption, automate at scale, and defend against cyber threats. Rubrik has raised more than $553 million in venture funding and was last valued at $3.3 billion. It has also been recognized as a Forbes Cloud 100 company for five consecutive years and named a LinkedIn Top 10 startup.

About the team

The Information Security organization strengthens security across Rubrik through major initiatives and cross-functional coordination. The team builds tools, technologies, and processes that help teams develop secure software and protect systems and data with the right controls. It also develops monitoring and response capabilities for attacks, supports security awareness and education, and ensures data governance and third-party data-sharing relationships are handled securely.

Inclusion at Rubrik

Rubrik is committed to creating an environment where people from all backgrounds are respected, included, and able to succeed. The company focuses on fair hiring and promotion practices and works to ensure everyone has equal access to growth and opportunity. Its inclusion approach centers on the company, its culture, and the communities it serves, with an emphasis on belonging, merit, and broader impact.

Equal opportunity and accommodations

Rubrik is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, age, disability, or genetics, in accordance with applicable laws. Employment terms cover recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training. Qualified individuals with disabilities may request reasonable accommodation for the application process or job performance by contacting hr@rubrik.com. Examples include application-process adjustments, alternate document formats, sign language interpretation, or specialized equipment.

Legal notices

This role notice also includes the statement “EEO IS THE LAW” and “NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS.”