Grc Risk Analyst Jobs in Wisconsin (NOW HIRING)

Sr. SOX Compliance Professional

Milwaukee, WI · On-site

$83K - $103K/yr

... Archer, the Company's SOX/GRC tool o Track and resolve Operations control questions and ... of risk assessments of financial and operational processes and controls • Plan and analyze ...

... risk. Core Responsibilities * Operate with a high degree of independence in managing Microsoft SQL ... and GRC teams. * Partner with application development, infrastructure, and business teams to ...

Grc Risk Analyst information

What is the difference between Grc Risk Analyst vs Compliance Analyst?

| Aspect | Grc Risk Analyst | Compliance Analyst |
|---|---|---|
| Certifications | ISO 31000, FRM, CRISC | ISO 19600, CCEP, CISA |
| Work Environment | Risk management teams, corporate offices | Regulatory departments, corporate offices |
| Industry Usage | Finance, banking, insurance, corporate risk | Financial services, healthcare, manufacturing |
| Job Focus | Identifying, assessing, and mitigating risks across enterprise | Ensuring compliance with laws and regulations |

While both roles involve regulatory and risk considerations, a Grc Risk Analyst focuses on enterprise-wide risk management strategies, whereas a Compliance Analyst concentrates on adherence to specific laws and regulations. Both roles require similar certifications and often work in overlapping industries, but their core responsibilities differ in scope and focus.

What are GRC Risk Analysts?

GRC Risk Analysts are professionals who specialize in Governance, Risk, and Compliance (GRC) within an organization. They assess and manage risks related to business operations, ensure compliance with relevant laws and regulations, and help implement policies and controls to mitigate potential threats. These analysts work closely with management to identify vulnerabilities, develop risk management strategies, and monitor the effectiveness of compliance programs. Their goal is to protect the organization from financial, legal, and reputational harm while supporting business objectives.

What are the key skills and qualifications needed to thrive as a GRC Risk Analyst, and why are they important?

To thrive as a GRC (Governance, Risk, and Compliance) Risk Analyst, you need a solid understanding of risk management principles, regulatory requirements, and compliance frameworks, often supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (such as RSA Archer or MetricStream), risk assessment methodologies, and certifications like CRISC or CISA is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and convey findings to stakeholders. These skills are critical for ensuring organizational compliance, minimizing risk exposure, and supporting informed decision-making.

What are some common challenges a GRC Risk Analyst might face when implementing new risk management frameworks within an organization?

A GRC Risk Analyst often encounters challenges such as resistance to change from stakeholders, integrating new frameworks with existing processes, and ensuring consistent understanding across departments. Aligning risk management practices with organizational goals while adhering to regulatory requirements can also be complex. Success in this role requires strong communication skills, adaptability, and the ability to educate and collaborate with team members from diverse backgrounds.
Senior Manager, Enterprise Security

Relativity

Milwaukee, WI • Hybrid

Other

This job post has expired today. Applications are no longer accepted.


Job description

Posting Type

Hybrid/Remote

Job Overview

The Senior Manager of Enterprise Security is a technical people leader responsible for developing, implementing, operating, and continuously optimizing a multi-layered security ecosystem across corporate, cloud, and product environments. This role drives a defense-in-depth strategy, embeds security into AI-augmented SecDevOps and continuous compliance programs, and leads a living, learning, and adaptive security function that evolves with the threat, regulatory, and business landscape. In partnership with Engineering, IT, Legal, and Governance, Risk, and Compliance, this leader translates security strategy into measurable outcomes that scale with the business.

Job Description and Requirements

Defense in Depth & Security Operations

  • Architect and own the tactical execution of enterprise defense-in-depth strategy aligned with security strategic intent: define layered controls across network, endpoints, identity, cloud workloads, and data, with effective layered controls at every tier and coverage mapped to relevant frameworks.

  • Design and operate an integrated detection stack (EDR, NDR, CDR, SIEM/SOAR) with AI-enabled UEBA, ML-based alert prioritization, and automated enrichment to reduce MTTD and MTTR and increase defense in depth efficacy.

  • Enforce adaptive Zero Trust principles (ZTNA, least-privilege micro-segmentation, phishing-resistant MFA/FIDO2, JIT access) and SASE/SSE architecture across all access paths.

  • Ensure configuration and implementation of hardening standards using CIS Benchmarks/DISA STIGs with automated compliance validation, and maintain IR playbooks covering ransomware, supply chain compromise, cloud account takeover, and AI/ML model poisoning.

AI DevSecOps & Secure Development

  • Build and operate an AI-augmented DevSecOps program: embed SAST, DAST, SCA, secret scanning, IaC analysis, and container image security into CI/CD pipelines with AI-generated fix recommendations surfaced in PR workflows.

  • Deploy AI-assisted threat modeling, exposure analysis and exploit validation methods and establish generative and agentic AI security & governance methodologies.

  • Run a security champions program embedding technical advocates in engineering teams to own secure coding standards, security debt backlog management, and threat model participation.

Cloud, Vulnerability & Threat Intelligence

  • Lead, implement and optimize cloud security programs across multi-cloud environments with automated drift detection, policy-as-code enforcement, and runtime workload protection.

  • Run a risk-based exposure management program with threat intelligence context to prioritize remediation SLAs; operate continuous ASM.

  • Integrate threat intelligence (OSINT, commercial feeds, ISAC) into purple teaming efforts and conduct or oversee purple team engagements mapped to evolving threat landscape.

Governance, Strategy & Collaboration

  • Define and track security KPIs grounded in technical outcomes: patch SLA compliance, control coverage heat maps, mean dwell time, lateral movement detection rates, and pipeline gate trends.

  • Work with the information security GRC function to adapt and evolve security policies, technical standards, and control baselines aligned to SOX, SOC 2, ISO 27001, HIPAA, GDPR, and CCPA; to hedge risk associated with evolving regulatory landscape.

  • Partner with Compliance and Legal on audits, certifications, e-discovery, and forensic integrity requirements; translate technical risk into quantitative business impact using frameworks such as FAIR.

  • Serve as a trusted technical advisor to executives and architects; embed security into technology roadmaps, M&A due diligence, and vendor risk assessments.

People Management Responsibilities

  • Builds, coaches, and retains a high-performing, technically elite security team. Creates an environment of psychological safety, accountability, and engineering excellence with clear career paths spanning technical specialization and leadership. Drives structured performance management, proactive talent development, and inclusive leadership practices to keep the team motivated and equipped to deliver exceptional outcomes.

Minimum Qualifications:

  • Bachelor's degree in Computer Science, Information Security, a related field, or equivalent hands-on experience considered.

  • 10+ years in enterprise or product security with 4+ years in a senior technical leadership role owning multi-domain programs.

  • Hands-on technical depth: network security, detection engineering, incident response, endpoint management, custom scripting and telemetry engineering

  • Proven defense-in-depth/layered defense design experience: evaluating and improving layered control effectiveness across network, endpoint, identity, cloud, and application domains.

  • Practical experience with AI-augmented security: ML-based detection, SOAR automation, or AI-integrated DevSecOps pipelines.

  • Mastery of NIST CSF, MITRE ATT&CK, CIS Controls, Zero Trust (NIST SP 800-207), and cloud security frameworks (AWS, Azure, or GCP).

  • Demonstrated ability to communicate technical security risk and architectural trade-offs to both technical peers and executive audiences.

  • Hybrid (2+ days in office) or remote based on company policy.

Preferred Qualifications:

  • Experience securing SaaS, cloud-native, or globally distributed regulated environments.

  • Familiarity with legal technology, e-discovery, litigation holds, and digital forensics chain-of-custody requirements.

  • Experience with LLM/AI security: prompt injection, model poisoning, AI output validation, and governance for AI-assisted code generation.

  • Scripting and automation skills (Python, Bash, PowerShell) applied to detection engineering, tooling integration, or compliance automation.

  • Certifications such as CISSP, CISM, OSCP, GCIH, GCFA, CCSP, or AWS Security Specialty.

Relativity is committed to competitive, fair, and equitable compensation practices.

This position is eligible for total compensation which includes a competitive base salary, an annual performance bonus, and long-term incentives.

The expected salary range for this role is between the following values:

$185,000 and $277,000

The final offered salary will be based on several factors, including but not limited to the candidate's depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position.

Required Skills:

Access Management, Defense in Depth, Network Security, Project Management, Risk Management, Security Architecture Design, Security Audit, Security Awareness, Security Engineering, Security Operations, Vulnerability Management