Senior Risk Technology Analyst

The Third Party Technology Risk Analyst will be responsible for leading risk assessments and identifying and mitigating risks across an enterprise environment, as well as supporting external audit and regulatory deliverables. This role will provide the right candidate with an opportunity to gain exposure to a variety of business functions and make an impact within a critical and highly visible organization.

Responsibilities

• Provide independent advice, facilitation, monitoring, and assessment activities on a risk-basis . Define, measure, and report on technology related risks
• Support the improvement of principles, policies and governance processes, as well as maintaining minimum control standards, guidelines and key operating procedures to enable identification, management, reporting and mitigation of risks related to information technology
• Provide constructive review and challenge on the implementation and operation of 1st Line Controls, risk and control assessment results and control initiatives specifically relating to information technology
• Provide risk management guidance/advice to the 1st line on the management of risks, controls and compliance relating to information technology
• Assist with the implementation of financial systems, process changes, and ad-hoc control reviews to ensure the control environment remains strong as systems and processes evolve
• Participate in and lead assessment working-groups as necessary to understand and evaluate changes in the risk environment. Perform deep dives and reviews in high-risk areas to determine compliance with IT controls and review and provide recommendation of remediation activities
• Monitor the remediation around control weaknesses to ensure timely resolution
• Assist in vendor risk management program as necessary to monitor and analyze risks and determine overall information risk profile and health of the third-party vendors.
• Experience in creating Risk Management KPI/KRI and Dashboards for leadership review is desired
• Support Information Security Awareness training to staff and contractors
• Serve as 2nd line of defense and coordinator for all compliance, internal/external audit, and information security inquiries and engagements
• Experience with controls automation and data analytics is desired

Qualifications:

• Bachelor's degree or equivalent work experience; experience in either Information Technology Risk & Control or Risk Management, ideally within the financial services industry
• 1 to 3 years of directly related experience in Information Security or Risk Management
• 1 to 3 years of demonstrated Governance, Risk, and Compliance or IT/ IS Audit related experience is required
• Relevant professional certifications or working towards attainment such as: Certified in Risk and Information Systems Controls (CRISC), Certified Information System Auditor (CISA)
• Technology and technology risk assessment skills (e.g. cloud technologies, IT operations, data center services, storage and databases, server virtualization, cybersecurity operations, and data privacy)
• Working knowledge of relevant assessment frameworks and/or industry standards (e.g., COBIT 19) is a plus. Understanding of risk management principles, experience in risk management and experience in regulatory frameworks for information technology is a plus
• Exceptional organizational skills to balance work and lead projects
• Strong cross-functional influencing skills, and proven ability to work with outside advisors
• Highly proficient with data analytics and reporting (e.g. PowerBI, Excel, PowerPoint)
• Strong, professional written and verbal communication skills, including senior executive engagement

Required Skills : Vendor Risk Auditing,CEH (Certified Ethical Hackers)/PenTest

Basic Qualification :

Additional Skills : Security Analyst,Security Engineer

Background Check : No

Drug Screen : No