Role SummaryThis is a hands on, true entry level Junior Risk Analyst role intended for someone deliberately pursuing a career in Governance, Risk, and Compliance GRC within cybersecurity. While little to no prior professional experience is required, candidates must demonstrate foundational GRC knowledge through a relevant degree, internship, certification, or active pursuit of a related degree or certification. Success in this role requires discipline, intellectual curiosity, critical thinking, sound judgment, ownership, and personal accountability. The Junior Risk Analyst will work under the close mentorship of an experienced Lead Risk Analyst and report to the Cybersecurity Manager. The role provides meaningful exposure to insider risk investigations, eDiscovery, audits, assessments, compliance activities, third party risk, and risk documentation, with clear expectations for quality, accuracy, follow through, and continuous growth. Training and guidance will be provided; however, success depends on the ability to learn independently, validate work, ask thoughtful questions, and earn increased responsibility through performance. This is not a security operations role and is not a passive or check the box compliance position. Limited cross training with SecOps will occur to support collaboration and situational awareness, but the primary focus remains GRC and risk management.Core ResponsibilitiesRisk Investigations and Case Management: Assist the Lead Risk Analyst with the investigation and analysis of Insider Risk cases, following defined processes and guidanceWork assigned risk related tickets through to completion with oversight from the Lead Risk Analyst and Cybersecurity ManagerMaintain accurate, defensible documentation of findings, actions taken, and outcomesValidate information and evidence prior to escalation or conclusioneDiscovery and Legal HR SupportSupport eDiscovery requests from Legal and Human Resources, including data identification, coordination, and documentationAssist with evidence handling and response tracking to ensure requests are completed accurately and on timeGRC, Audits and ComplianceAssist with internal and external risk and control assessments, including responding to auditor and state examiner questions and evidence requestsSupport PCI compliance activities, including annual PCI self-certification requirements and related documentationAssist the Lead Risk Analyst with vendor due diligence questionnaires (DDQs) and third-party risk assessmentsHelp maintain risk registers, control inventories, and supporting GRC artifactsProjects and InitiativesHeavily assist the Lead Risk Analyst and Cybersecurity Manager with assigned GRC and risk-related project tasksSupport execution of projects involving risk assessments, control improvements, process enhancements, and compliance initiativesTrack assigned project tasks to completion, ensuring deliverables are accurate, timely, and well-documentedTake increasing ownership of defined project workstreams as skills, confidence, and judgment growMetrics, Reporting and Leadership SupportAssist the Lead Risk Analyst with GRC KPI and KRI metrics, including data collection, validation, and analysisSupport preparation of risk and compliance metrics used in leadership presentations and reportingHelp ensure metrics are accurate, meaningful, and defensibleDocumentation and Process ImprovementDevelop, maintain, and continuously improve risk, compliance, and investigation process documentation, ensuring procedures are accurate, current, and audit-readyAssist in improving workflows, documentation standards, and assessment processesTake increasing ownership of documentation and process improvement effortsCollaboration, Meetings and Professional DevelopmentAttend and actively participate in weekly team meetings, working sessions, and other relevant work-related callsCommunicate clearly and professionally with internal stakeholders as directedDedicate time to skills development and continuous learning, including frameworks, tooling, and methodologiesActively pursue growth toward advanced GRC knowledge and certifications such as GRC Professional GRCPExpectations and Working StyleDemonstrate discipline, ownership, and pride in work qualityValidate findings before acting, escalating, or communicating conclusionsThink critically and avoid assumptionsUse available resources effectively, including documentation, mentorship, and independent researchCommunicate clearly, accurately, and professionallyUnderstand that results, accuracy, and judgment matter more than effort aloneThis role is not for someone who dislikes accountability, structure, direction, or being evaluated on outcomes.Education and Certifications – Read CarefullyMinimum RequirementsBasic understanding of information security frameworks and GRC conceptsOne year or less of relevant professional experience (or equivalent academic exposure)Genuine interest in pursuing a career in cybersecurity risk and GRCNice to HaveBachelor’s degree (any relevant discipline)Entry level GRC, risk, or compliance certificationsInterest in pursuing certifications such as GRC Professional GRCPPreference will be given to candidates who can convincingly demonstrate:Foundational GRC knowledge including a basic understanding of governance, risk assessment, internal controls, compliance concepts, and common regulatory or cybersecurity frameworks eg NIST, ISO, FFIECSelf motivation and a strong work ethicIntellectual curiosity and a habit of asking whyCritical thinking and sound judgmentWillingness to learn deeply both independently and under supervisionA genuine desire to grow into a long-term role in GRC and risk managementWhile education and certifications are valued, this role places equal importance on critical thinking, ownership, curiosity, and a strong desire to learn. Candidates who bring both foundational knowledge and the right personal qualities will be most successful.Compensation and LocationBase salary range: $55,000 – $65,000Bonus potential: 3–5% based on individual and company performanceEmployment type: Full TimeLocation: Fully remote, anywhere in the United States (one day on site if in the San Diego area where our Corporate Office is located).Why This RoleThis role offers meaningful, hands on experience in cybersecurity risk and GRC under experienced leadership and close mentorship. It is an excellent opportunity for someone genuinely excited to step into their first GRC analyst role, build a strong foundation in risk and compliance, and grow through real responsibility, accountability, and continuous learning. The position is well suited for a motivated self starter who is eager to learn, ask thoughtful questions, and develop into a long term GRC professional within a heavily regulated industry.Mutual of Omaha Mortgage is an Equal Opportunity Employer, and we encourage diverse, talented, qualified applicants to apply. We offer an extensive compensation package. Benefits include:Vacation hours accrue on a per pay period basis. Balance maximums are based on years of service.Paid Sick Time 40 hours of paid sick time after 90 days of employment. State sick time requirements will be added as needed.9 Paid Holidays + 1 Cultural Celebration Day (Floating Holiday)Multiple PPO Medical Plans, as well as HDHP eligible plan.Dental CoverageVision CoverageCompany Paid Life Insurance401K with a generous employer matchAdditional Benefits including – Optional Life, FSA, Pet Insurance etc.Free Legal ServicesEmployee Loan Program
