Cyber Security Risk Analyst III

We're revolutionizing the fitness & wellness industry, and we're looking for talented people to help us do it. Mindbody ClassPass bring together the best of both sides of the market: Mindbody is the industry's most trusted all-in-one technology platform; ClassPass is one of the most popular apps for fitness & self-care enthusiasts. Together we're partnering with more than 70,000 fitness studios, gyms, salons, and spas around the world. We're not just another tech company-we're far and away the leader of our industry. So join the team, work with mission-led people, and enjoy amazing benefits. Let's see what we can accomplish together!

We're a passionate engineering, platform, and operations team, developing and supporting ground-breaking products. Together, we'll build for the future, creating more opportunities for wellness businesses around the world to help their customers lead full, healthy lives. We push ourselves and our company to always strive for this higher purpose, recognizing the power in working together toward the same goal. We believe in building a diverse company where everyone feels safe bringing their authentic selves to work. And we believe that the secret to success is our people. Join the team, and let's see what we can accomplish together!

As a Cyber Security Risk Analyst III you'll be a part of a team of cyber security GRC and resilience experts focused on the identification, assessment, continuous monitoring, and reporting of cyber security risks across the organization. You'll pursue continuous improvement to help Mindbody achieve its mission: Powering the world's fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else.

• Developing and driving light-touch information security risk assessments including identification, assessment and measurement across different data sets, tools and cloud environments
• Implementing and managing an effective SaaS security risk management program
• Documenting, tracking and evaluating the effectiveness of risk mitigation efforts performed by cross-functional teams
• Conducting threat models to identify, understand exposures and communicate possible treatment strategies
• Creating dashboards and presentation materials for various levels of stakeholders including management
• Analysis, validation, and reporting on risk posture, exposure, KRI's and treatment status
• Defining Mindbody's security risk tolerance levels
• Gaining a deep understanding of Mindbody's security controls and how they mitigate our risks.

You love to collect and analyst data to identify and communicate overall risk posture, exposures and risk treatment options. You know the best platform is created through collaboration and iteration and you're looking for the right opportunity, and the right team, to expand your experience. You seek feedback because it can turn good work into great work. You like to conduct security risk analysis that helps identify and articulate risk, you value simplicity, and you strive to eliminate unnecessary complexity.

At Mindbody value team members who are curious, practical, and-openminded), and who care about our product, their teammates, and their own personal growth. We're faced with an interesting set of technical challenges, and we believe in giving our engineers the freedom to create solutions based on their unique perspective.

Much of our team comes from non-traditional computing backgrounds. In bringing together diverse voices, we'll build a better product, and a better company. We care less about which languages or frameworks you know, and more that you're excited to produce high-quality code and be consciously evolving. Our engineers work in cross-functional, collaborative teams focused on impact. We work very closely with our brilliant product team to deliver a world-class user experience, and ultimately to empower our users to create and grow successful businesses.

• 5-7 years' experience in a similar role with one or more of the following: CISSP, CRMP, CRISC certifications
• Conducting quantitative and qualitative risk analysis
• Implementing security risk management processes and frameworks like NIST CSF and FAIR
• Using analytical risk models
• Cyber security principles, risk management strategies, and IT governance frameworks
• Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain security risk concepts in a way that is easy to understand
• Strong problem-solving skills and the ability to think strategically and analytically
• Experience with cloud environments, particularly AWS, is preferred.

While we value experience with these technologies, we're primarily looking for team members with strong analytical skills and the ability to quicky pick up new tools and frameworks

• AWS
• Wiz
• Axonius
• GRC tools such as Auditboard or similar
• Power BI
• Python
• Excel

It is Mindbody's intent to pay all Team Members competitive wages and salaries that are motivational, fair and equitable. The goal of Mindbody's compensation program is to be transparent, attract potential employees, meet the needs of all current employees, and encourage Team Members to stay with our organization.

Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location.

The base salary range for this position in the United States is $92,000 to $115,000. The total compensation package for this position may also include performance bonus, benefits and/or other applicable incentive compensation plans.

Sound like the role for you? We'd love to hear from you! Even if you're not 100% sure about potential fit, we still encourage you to apply. We're looking for the right person, not the perfect series of checkboxes.

Mindbody is an Equal Opportunity Employer. We highly value diversity at our company and encourage people of all different backgrounds, experiences, abilities and perspectives to apply. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.

|