About the Role

OpenLoop is looking for a Risk Management Analyst to join our team remotely or at HQ in Des Moines, IA. In this role, you will be responsible for identifying, assessing, and mitigating risks across the organization to strengthen overall security and compliance posture. This role supports the implementation and monitoring of enterprise risk management frameworks, ensuring alignment with regulatory standards and internal policies. The ideal candidate has strong analytical skills, attention to detail, and the ability to collaborate cross-functionally to balance risk and business needs.

What You'll Do

• Conduct ongoing enterprise risk assessments to identify operational, compliance, and security risks.
• Manage the risk transfer program, including all company insurance policy applications and renewals
• Maintain and update risk registers, ensuring all risks are documented, tracked, and mitigated effectively.
• Support audits, regulatory reviews, and compliance assessments by providing required data and documentation.
• Partner with internal stakeholders to evaluate controls, identify gaps, and recommend improvements.
• Monitor and report on key risk indicators (KRIs) and trends to leadership.
• Assist in developing and maintaining policies, procedures, and risk management documentation.
• Support third-party/vendor risk management by reviewing controls and assessing external risk exposure.
• Stay current on emerging regulatory requirements, risk trends, and best practices in risk management.
• Collaborate with IT, compliance, and operations teams to improve processes and mitigate potential risks.
• Other duties as assigned.

Who You Are

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent experience).
• 5+ years of experience in risk management, compliance, or information security.
• Knowledge of risk management and compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, or PCI DSS.
• Experience with GRC tools (e.g., Archer, ServiceNow, or similar) preferred.
• Strong analytical, problem-solving, and organizational skills.
• Excellent communication skills with the ability to present risk insights clearly to technical and non-technical stakeholders.
• Demonstrated ability to balance risk mitigation with business objectives.
• Familiarity with cloud environments (AWS, Azure) and modern security controls is a plus.
• Certifications such as CRISC, CISSP, CISM, or GRCP preferred or in progress.