What you'd actually do

Maintain and continuously improve the cybersecurity and crown-jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current.

Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture.

Use Rivian’s risk platform and AI-enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication.

Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices.

Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier-driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment.

Skills

Required

Cybersecurity risk management
Risk registers
Key Risk Indicators (KRIs)
NIST Cybersecurity Framework (CSF)
ISO 27001
Risk assessment
Risk treatment
GRC/IRM platforms
Analytical skills
Communication skills
Cross-functional collaboration

Nice to have

Modern GRC/IRM or dedicated risk platforms
Building risk dashboards
CRISC, PMI-RMP, CISM certifications
Experience in fast-paced, high-growth environments (technology, automotive, manufacturing)

What the JD emphasized

primary responsibility for leading or owning a risk management function, program, or risk domain

Hands-on experience maintaining and operating risk registers and risk management tooling

Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001

Demonstrated ability to influence risk treatment decisions, not just document them

Strong analytical and quantitative risk skills

High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation

About Rivian Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract. As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations. Role Summary The Cybersecurity Analyst – Risk Management is a mid-career individual contributor supporting Rivian’s cybersecurity risk management practice. This role involves day-to-day management of cybersecurity risks, monitoring key risk indicators (KRIs), and facilitating risk discussions with technology and business stakeholders. The analyst will leverage Rivian’s risk platforms and AI-enabled tooling to improve efficiency, transparency, and defensibility of risk decisions. This role sits within Enterprise Cybersecurity on the Cybersecurity Risk Management team and partners closely with the Cyber Third-Party Risk Management (TPRM) lead, security engineering teams, and other functions. Responsibilities Risk Register Ownership: Maintain and continuously improve the cybersecurity and crown-jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current. Track risk status from identification through treatment and closure, including documenting decisions, owners, due dates, dependencies, and evidence. Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture. Meet regularly with risk owners and functional leaders to gather updates, validate assumptions, and align on risk treatment plans and progress. Evaluate how risks propagate across systems, suppliers, processes, and programs; surface second-order and cascading impacts in risk narratives and dashboards. Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier-driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment. Help facilitate workshops and review sessions with business and technology leaders to clarify risk scenarios, tradeoffs, and treatment options. Use Rivian’s risk platform and AI-enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication. Maintain and evolve a Cybersecurity Risk Dashboard that provides an accurate, near real-time view of key risks, KRIs, and trends for leadership and governance forums. Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices. Identify gaps and friction in current risk processes and propose practical improvements to increase clarity, adoption, and impact. Qualifications Minimum Qualifications 5+ years of combined experience in cybersecurity, technology risk, enterprise risk management, or related fields. At least 3 years with primary responsibility for leading or owning a risk management function, program, or risk domain within an organization. Hands-on experience maintaining and operating risk registers and risk management tooling, including GRC, IRM, or dedicated risk platforms. Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001, including risk assessment/treatment concepts and control alignment. Demonstrated ability to influence risk treatment decisions, not just document them, by framing options, tradeoffs, and business impact for stakeholders. Strong analytical and quantitative risk skills, including building KRIs, basic risk modeling, scenario comparison, and trend analysis. High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation to improve risk processes. Excellent written and verbal communication skills with the ability to translate complex technical risks into concise, business-relevant narratives. Proven ability to work cross-functionally, build trust with stakeholders, and facilitate productive discussions in ambiguous situations. Preferred Qualifications Experience with modern GRC/IRM or dedicated risk platforms and building risk dashboards for security leadership. Professional certifications such as CRISC, PMI-RMP, CISM, or similar. Experience in fast-paced, high-growth environments such as technology, automotive, or manufacturing, where speed, agility, and rigor are required. Pay Disclosure The salary range for this role is $140,600 to $186,360 for Georgia based applicants. This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, geographic location, shift, and organizational needs. The successful candidate may be eligible for annual performance bonus and equity awards. We offer a comprehensive package of benefits for full-time and part-time employees, their spouse or domestic partner, and children up to age 26, including but not limited to paid vacation, paid sick leave, and a competitive portfolio of insurance benefits including life, medical, dental, vision, short-term disability insurance, and long-term disability insurance to eligible employees. You may also have the opportunity to participate in Rivian’s 401(k) Plan and Employee Stock Purchase Program if you meet certain eligibility requirements. Full-time employee coverage is effective on their first day of employment. Part-time employee coverage is effective the first of the month following 90 days of employment. More information about benefits is available at rivianbenefits.com. You can apply for this role through careers.rivian.com (or through internal-careers-rivian.icims.com if you are a current employee). This job is not expected to be closed any sooner than 5/5/26. Equal Opportunity Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law. Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at candidateaccommodations@rivian.com. Candidate Data Privacy Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law. Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services. Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions. Please note that we are currently not accepting applications from third party application services.