CrawlJobs Logo

Security & Risk Analyst

spothero.com Logo

SpotHero

Location Icon

Location:
United States; Canada , Chicago

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

69600.00 - 87000.00 USD; CAD / Year
Save Job
Save Icon
Apply Position

Job Description:

As a Security and Risk Analyst at SpotHero, you will be responsible for safeguarding our marketplace, preventing financial losses, and protecting customer trust. This role is essential to SpotHero’s ability to provide a secure, seamless payment experience and maintain our relationships with our payment partners. The Security and Risk Analyst will identify and stop fraudulent transactions before they occur, reduce dispute ratios and associated fees, and ensure our marketplace remains a trustworthy environment for drivers and partners alike. Your work will directly preserve revenue, reduce chargebacks, and strengthen SpotHero’s risk posture across the platform. This is a great opportunity for someone looking to grow in the areas of data-driven fraud prevention and security operations within a fast-paced dynamic environment.

Job Responsibility:

  • Monitor real-time transactions, user activity, and system alerts to identify emerging fraud indicators
  • Investigate suspicious transactions involving CNP fraud, account takeovers, identity misuse, discount/promo abuse, and other marketplace-specific risks
  • Apply a preventative mindset to ensure secure payments and minimize payment disputes, chargeback fees, and operational exposure
  • Analyze transaction data to identify fraud trends, behavioral anomalies, and systemic vulnerabilities
  • Propose rule adjustments, thresholds, and workflow improvements to reduce vulnerabilities and fraud losses
  • Partner with Software Security, Data, Product, Engineering, and Operations to strengthen controls and inform fraud mitigation strategies
  • Provide fraud-focused recommendations during product launches, payment flow updates, or new feature development to ensure preventive controls are embedded early
  • Contribute to the enhancement of dashboards, review queues, case management workflows, and reporting accuracy
  • Identify opportunities to automate manual review tasks and enhance detection logic
  • Maintain precise, audit-ready documentation that supports dispute evidence, compliance requirements, and internal risk governance
  • Contribute to policy and process updates for fraud prevention and security
  • Educate internal teams on fraud awareness and best practices

Requirements:

  • 3–5+ years of experience in fraud detection, risk analysis, or payments fraud within a high-volume marketplace, fintech, or e-commerce environment
  • Strong analytical skills with the ability to identify patterns and anomalies in large data sets using dashboards, fraud tools, and/or SQL for deeper pattern analysis
  • Experience working with payment processors and familiarity with chargeback workflows and evidence collection
  • Familiarity with online payment systems, account authentication, or transaction monitoring
  • Strong communication skills for sharing findings, risks, and insights with both technical and non-technical stakeholders
  • Exceptional attention to detail, accuracy in documentation, and the ability to operate independently in a fast-paced environment
  • Knowledge of PCI-DSS and other compliance standards
What we offer:
  • We cover a generous portion of Medical Premiums, 50% of Dental and Vision Premiums, company-sponsored Life Insurance, STD, and AD&D coverage, a 401(k) with match and immediate vesting, and comprehensive leave policies
  • Canada: We offer Medical (prescription drug and paramedical coverage), Dental, Vision, Life Insurance, STD, and LTD
  • Flexible PTO policy and outstanding work/life balance
  • Grubhub weekly lunch stipend for in-office days (Uber Eats for Canada)
  • Udemy License and Personal Learning Budget
  • Annual parking stipend
  • The opportunity to collaborate with fun, innovative, and passionate people in a casual yet highly productive atmosphere
  • Our commitment to allyship has been a central driver of how we Respect Fellow Drivers. You’ll have the opportunity to be part of Employee Resource Groups, access allyship learning resources, and actively contribute to our ongoing effort of making SpotHero inclusive for all
  • Employee programs to grow and support our people such as Discovery Days for Product and Engineering, Gearing up for Aspiring Leaders, and Mentorship Program
  • Wellness program – a workplace that actively supports your physical and mental wellbeing through ongoing events, initiatives, resources, and thoughtful perks and benefits

Additional Information:

Job Posted:
January 18, 2026

Employment Type:
Fulltime
Icon
SpotHero - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Security & Risk Analyst

Senior Third-Party Security Risk Analyst

As a Senior Third-Party Security Risk Specialist at Ledger, you will play a vita...
Location
Location
France , Paris
Salary
Salary:
Not provided
https://www.ledger.com Logo
Ledger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master degree in Information Security, Cybersecurity, or a related field
  • 5+ years of progressive experience in third-party risk management, with a strong background in audit, risk management, compliance, or a related control function within a complex organization
  • Proven project management skills with the ability to manage complex, cross-functional projects and maintain comprehensive documentation
  • In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) and experience in applying them to third-party risk management and regulatory requirements
  • Excellent analytical and problem-solving skills with a focus on identifying root causes and developing effective solutions
  • Strong communication and interpersonal skills, including the ability to influence and negotiate with vendors and stakeholders at all levels
Job Responsibility
Job Responsibility
  • Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
  • Proactively identify and evaluate potential security/privacy risks associated with a particular focus on those that could impact Ledger's reputation, financial stability, and customer trust
  • Develop and implement risk mitigation strategies to address identified vulnerabilities
  • Lead the collaboration with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
  • Establish and maintain a robust vendor security monitoring program, driving continuous improvement in vendor security posture and compliance
  • Develop, implement, and continuously improve Ledger's third-party security risk management program, including policies, standards, procedures, and tools
  • Prepare reports and presentations on vendor security risks and mitigation efforts to senior management, stakeholders, and the Comex
  • Participate in audits as part of the Privacy audit program according to the agreed annual audit plan
What we offer
What we offer
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products
  • Fulltime
Read More
Arrow Right

Risk & Information Security Associate Analyst

We are looking for a highly organized, detail-oriented Risk & Information Securi...
Location
Location
Cyprus , Nicosia
Salary
Salary:
Not provided
www-ap.albourne.com Logo
Albourne
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2–3 years of professional experience
  • Excellent organizational skills with the ability to manage multiple workstreams and meet deadlines in a dynamic environment
  • Strong written and verbal communication skills, including the ability to prepare concise, well-structured documents and interact professionally across all levels of the business
  • Meticulous attention to detail, particularly in preparing audit materials, compliance documentation, and reviewing access controls
  • Proactive and self-motivated, able to work independently and across time zones without direct daily supervision
  • Comfortable handling sensitive and confidential information with discretion
  • Interest in technology, cybersecurity, and enterprise risk
  • Basic understanding of information security principles and frameworks (e.g., ISO 27001, NIST)
  • Ability to interpret and work with structured information (e.g., policies, risk registers, audit plans)
  • Capable of coordinating inputs from multiple stakeholders and compiling them into coherent outputs (e.g., committee papers, training summaries, client DDQs)
Job Responsibility
Job Responsibility
  • Monitor and report on the effectiveness of information security controls
  • Support the identification, tracking, and resolution of security incidents or weaknesses
  • Assist in maintaining security metrics and dashboards for internal reporting
  • Contribute to the assessment of operational, technology, and third-party risks
  • Assist in evaluating controls and proposing mitigation strategies aligned with risk appetite
  • Participate in internal audits and control testing, ensuring timely remediation of findings
  • Help maintain and enforce security and risk management policies and procedures
  • Support compliance with relevant data protection, privacy, and information security regulations
  • Coordinate periodic user access reviews and assist with awareness initiatives
  • Work across departments to gather risk-related information and support secure business operations
What we offer
What we offer
  • Support for professional qualifications (such as CFA and CAIA)
  • Career growth and tools for ongoing learning and development
  • Medical insurance for you and your dependents
  • Provident fund
  • Yearly bonus dependent upon performance and company growth
  • Opportunity for international travel (i.e., short periods of secondment to other Albourne offices)
  • 5 additional service recognition holidays in surplus to standard annual leave
  • Albourne Training Days (minimum of 40 hours per year)
  • Free office parking
  • A supportive, diverse, and multi-cultural work environment
  • Fulltime
Read More
Arrow Right

Senior Third-Party Security Risk Analyst

As a Senior Third-Party Security Risk Specialist at Ledger, you will contribute ...
Location
Location
France , Paris
Salary
Salary:
Not provided
https://www.ledger.com Logo
Ledger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master degree in Information Security, Cybersecurity, or a related field
  • 5+ years of progressive experience in third-party risk management, with a strong background in audit, risk management, compliance, or a related control function within a complex organization
  • Proven project management skills with the ability to manage complex, cross-functional projects and maintain comprehensive documentation
  • In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework) and experience in applying them to third-party risk management and regulatory requirements
  • Excellent analytical and problem-solving skills with a focus on identifying root causes and developing effective solutions
  • Strong communication and interpersonal skills, including the ability to influence and negotiate with vendors and stakeholders at all levels.
Job Responsibility
Job Responsibility
  • Conduct comprehensive security assessments of third-party vendors, including reviewing their security policies, procedures, and controls
  • Proactively identify and evaluate potential security/privacy risks associated with a particular focus on those that could impact Ledger's reputation, financial stability, and customer trust
  • Develop and implement risk mitigation strategies to address identified vulnerabilities
  • Lead the collaboration with vendors to remediate security gaps and ensure compliance with Ledger's stringent security requirements
  • Establish and maintain a robust vendor security monitoring program, driving continuous improvement in vendor security posture and compliance
  • Develop, implement, and continuously improve Ledger's third-party security risk management program, including policies, standards, procedures, and tools
  • Prepare reports and presentations on vendor security risks and mitigation efforts to senior management, stakeholders, and the Comex
  • Participate in audits as part of the Privacy audit program according to the agreed annual audit plan.
What we offer
What we offer
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products.
  • Fulltime
Read More
Arrow Right

Security Governance Risk & Compliance (GRC) Analyst

Here at Virtru you’ll help build a cutting edge security compliance program alig...
Location
Location
United States , Washington, DC
Salary
Salary:
130000.00 - 180000.00 USD / Year
virtru.com Logo
Virtru
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prismacloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
Job Responsibility
Job Responsibility
  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning
What we offer
What we offer
  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Fulltime
Read More
Arrow Right

Security Analyst

As a Security Analyst focused on Governance, Risk, and Compliance (GRC), your co...
Location
Location
Australia , Melbourne
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 1-3 years of operational experience in a role focused on Security Assurance, Third-Party Risk (TPR) Management, or GRC
  • Practical experience assisting with the management of security compliance programs (e.g., SOC 2, ISO 27001, or similar), including coordinating evidence collection from control owners and documenting attestations
  • Proven ability to manage and update content within a Security Trust Center platform (like SafeBase or similar), including document organization, access controls, and questionnaire response management
  • Practical understanding of the vendor security review lifecycle, including the ability to triage, assess, and document risk findings for internal and external suppliers
  • Excellent organization and prioritization skills with a proven track record of strong follow-through and working effectively toward defined service level agreements (SLAs) in a fast-paced environment
  • Clear and concise written communication, with the skill to translate complex security concepts (e.g., policy, controls) into practical, action-oriented guidance suitable for technical and non-technical internal teams
  • Familiarity with common security frameworks (e.g., SOC 2, ISO 27001, or similar) is a plus, and a high degree of curiosity, a learning mindset, and a positive, security-first attitude are essential
Job Responsibility
Job Responsibility
  • Complete security third-party vendor risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third-Party Security Management Standard in partnership with Procurement and Legal
  • Assist where required the timely completion of high-quality responses to customer and prospect security requests, due diligence questionnaires (DDQs), and information requests
  • Proactively assist and help maintain all security and compliance documentation, artifacts, policies, and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self-service experience for customers
  • Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle
  • Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement, and overall security assurance efforts for leadership visibility
  • Assist with the design, coordination, and delivery of our hybrid cybersecurity awareness program
  • Draft and schedule compelling security insights for internal newsletters, Slack, and email, translating complex policy and control requirements into clear, action-oriented guidance for all employees ("Campers")
  • Support the operationalisation of the security champions program across business units to extend program reach and reinforce secure-by-default behaviours across the organization
  • Assist the GRC team with the ongoing management and maintenance of our key security compliance programs (e.g., ISO 27001, SOC 2), which includes coordinating evidence collection, documentation updates, and control attestations
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
Read More
Arrow Right

Security GRC Analyst

Juni is seeking a Security GRC (Governance, Risk, and Compliance) Analyst to pla...
Location
Location
Sweden , Stockholm; Gothenburg
Salary
Salary:
Not provided
juni.co Logo
Juni
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2 to 4 years of experience in information security governance, risk, or compliance roles
  • Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA)
  • Degree in Cybersecurity or Information Systems or similar
  • Knowledge of security frameworks (e.g., CIS Controls, NIST CSF)
  • Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management
  • Experience in coordinating activities for security certifications and audits
  • Ability to develop and track security metrics (KPIs)
  • Strong analytical, problem-solving, and organisational skills
  • Excellent communication skills, comfortable presenting to various stakeholders
  • A proactive and independent worker who is also a strong team player
Job Responsibility
Job Responsibility
  • Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant
  • Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders
  • Maintain the risk register and support daily risk management activities with growing independence
  • Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives
  • Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones
  • Support our 3rd party procurement process
  • Monitor the implementation and effectiveness of security controls across the organisation
  • Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001
  • Coordinate and support the implementation of remediation plans to address identified compliance gaps
  • Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals
What we offer
What we offer
  • Work hybrid
  • Meet all Junis IRL at the company onsite each year
  • Diversity is at our core
  • Progress your career whether you choose to manage people or not
  • Stock options
  • Vacation 30 days
  • Private Health insurance
  • Beautiful offices in central Gothenburg and Stockholm, front row sea view
  • Fulltime
Read More
Arrow Right

Lead Security Analyst

Provide technology consulting to external customers and internal project teams. ...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field
  • Minimum 10 years in IT security, with at least 5 years in a leadership role
  • Proven experience with enterprise firewalls (Palo Alto, Fortinet, Check Point)
  • Strong cloud security knowledge (AWS, Azure, Google Cloud)
  • Experience with DDoS mitigation tools (Cloudflare, Akamai, AWS Shield)
  • Proficiency with Burpsuite
  • Hands-on with SIEM, SOAR, EDR, and vulnerability management tools
  • Strong analytical thinking and problem-solving ability
  • Excellent communication and stakeholder management
Job Responsibility
Job Responsibility
  • Develop and maintain the IT security roadmap aligned with cloud and enterprise infrastructure
  • Lead security design reviews for new systems, services, and cloud deployments
  • Deploy, configure, and manage network security appliances (e.g., next-gen firewalls, IDS/IPS, WAF)
  • Implement cybersecurity protocols including endpoint protection, identity management, and access control
  • Design and operate DDoS protection mechanisms for critical systems
  • Enforce security measures across public, private, and sovereign cloud environments
  • Monitor and audit cloud configurations for compliance with ISO 27001, NIST, CIS, etc.
  • Lead threat modeling, risk assessments, and vulnerability management
  • Oversee incident detection, response, and recovery processes
  • Ensure compliance with GDPR, HIPAA, PCI-DSS, and other regulations
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Securities & Derivatives Analyst

The Securities & Derivatives Analyst is an intermediate level position responsib...
Location
Location
Poland , Warsaw
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Knowledge and experience of Aladdin application will be the biggest advantage
  • 1-2 years of relevant experience
  • Fundamental understanding of Treasury, Securities or Derivatives products, accounting, and regulatory policies
  • Preferable additional experience in supporting Corporate Actions, Static Data including Security/Pricing setups or designing SQL queries
  • Proven ability to perform various concurrent activities/projects in a high-risk environment
  • Ability to work in a fast-paced environment
  • Working during USA working hours (NAM shift)
Job Responsibility
Job Responsibility
  • Process securities transactions, provide analytic input for traders and aid in review of derivative products
  • Identify and resolve securities and derivative settlement issues, and make process improvement recommendations to leadership
  • Analyze moderately complex reports to satisfy management requirements, aid in control activities, and contribute to the launch of product services
  • Monitor and suggest solutions to errors to minimize risk to the bank, through an intermediate knowledge of procedural requirements
  • Escalate transaction processing issues to the appropriate department and collaborate on a solution
  • Design and analyze moderately complex reports, in coordination with standards set by direct leadership
  • Assist with control activities, and the launch of new products and services
What we offer
What we offer
  • Competitive salary
  • Private health care
  • Life insurance
  • Sport/fitness card
  • Sponsored Employee Pension Plan
  • Employee Assistance Program
  • Zoom-Free Fridays
  • Citi Reset Day
  • Charity Day
  • Development Day
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy