The Information Security Risk Analyst will be responsible for identifying, assessing, and mitigating risks to ensure the confidentiality, integrity, and availability of Motorola Solutions’ information assets. The candidate will work closely with cross-functional teams to evaluate risks, enforce security controls, and ensure compliance with internal policies, industry standards, and regulatory requirements.
This position is a fully remote opportunity.
Responsibilities:
Risk Management, Privacy, and Assessments
- Identify, analyze, and document information security risks across the organization, including infrastructure, applications, and third-party vendors.
- Assist with conducting formal risk assessments and provide recommendations for mitigating risks to acceptable levels.
- Assist in maintaining the organization’s risk register and track mitigation efforts to closure.
- Document security processes, configurations, and compliance reports for audits and stakeholder reviews.
- Support business units in identifying risk ownership and driving accountability for risk remediation.
- Participate in the development and enforcement of security policies, procedures, and controls related to information security and risk management.
- Coordinate with engineering teams during sprint and planning sessions to ensure risks are discussed, tracked, and triaged as needed.
- Support the development, review, and maintenance of Privacy Impact Assessments (PIAs) and privacy compliance documentation.
Threat and Vulnerability Analysis
- Assist in identifying and analyzing emerging cybersecurity threats and vulnerabilities that could impact the organization.
- Partner with the PSIRT team to review vulnerability scan reports and ensure remediation efforts align with organizational risk appetite.
- Lead the intake and triage of alerts from SOAR, endpoint, firewall, and other sources.
- Provide input on prioritizing risks based on business impact and likelihood.
- Generate regular reports on data security posture, access trends, and incident metrics.
Awareness and Training
- Support efforts to enhance security awareness across the organization by contributing to training programs and materials.
- Provide guidance to employees and business units on security best practices and risk management principles.
- Serve as a departmental security champion.
Third-Party Risk Management
- Evaluate third-party vendors, cloud providers, and partners to ensure compliance with Motorola Solutions’ security requirements.
- Collaborate with procurement and legal teams to evaluate vendor security posture during the onboarding process.
- Monitor and manage risks associated with third-party relationships.
Compliance and Governance
- Ensure compliance with applicable regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, CPRA, PCI DSS, NIS2, EU CRA).
- Collaborate with internal stakeholders to ensure effective security controls are implemented and properly documented.
Reporting and Metrics
- Develop and present risk assessment reports, metrics, and dashboards for senior leadership and stakeholders.
- Provide updates on the risk management program, including key risks, mitigation progress, and trends.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field. Equivalent work experience may be considered.
- 3+ years of experience in information security, risk management, or related roles.
- Demonstrated experience conducting risk assessments and managing risk mitigation efforts.
- Familiarity with security governance frameworks and standards (e.g., ISO 27001, NIST, COBIT, or SOC 2).
- Knowledge of Privacy domains such as Cookie Consent, Mobile App Consent, and Privacy Impact/Data Mapping Assessment.
- Strong understanding of cybersecurity principles, risk management methodologies, and security controls.
- Experience with security tools and platforms, such as GRC tools (JIRA & SNOW), vulnerability scanners, and threat intelligence solutions.
- Knowledge of cloud security, including shared responsibility models (e.g., AWS, Azure, GCP).
- Strong analytical skills with the ability to assess complex risks and recommend practical solutions.
- Excellent verbal and written communication skills, with the ability to present technical concepts to non-technical stakeholders.
- Detail-oriented, self-motivated, and able to work independently or collaboratively in a fast-paced environment.