Overview:
POSITION OVERVIEW
The Senior IT and Security Risk Analyst is responsible for identifying and managing IT and security risks by independently conducting IT and security risk assessments and recommending effective risk management strategies. Collaborates with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Utilizes analytical thinking and problem-solving abilities for a deep understanding of IT infrastructure and cybersecurity principles.
DUTIES & RESPONSIBILITIES
Works with and supports the business units and/or business departments in the facilitation of the IT Risk Management (ITRM) framework
Leads the discussion of IT and security risks with stakeholders and business units
Manages and participates in ITRM program activities associated with, but not limited to: tracking, completion, and reporting of IT and security risks and remediation plans, oversight of the Application Risk Profile process and remediation plans and reviewing, analyzing, and reporting on risk-related issues
Facilitates the review and risk evaluation of new or existing information resources or technology related services
Develops and manages the reporting of various risk and control indicators, such as inherent risk, control effectiveness, residual risk, and overall status
Supports the development, implementation, and maintenance of risk assessment frameworks
Prepares status reports and presentations on a timely basis
Other ITRM duties as assigned
MINIMUM REQUIREMENTS
Bachelor’s Degree in a technology-related field, or in business administration, accounting, finance, or a related field, or the equivalent combination of education and experience
Requires 5+ years of experience in IT and security risk management (or similar field)
Knowledge of IT and Security principles/frameworks such as COBIT, NIST CSF, Cloud Controls Matrix, CIS CSC, ITIL, ISO 27001
GRC software experience
PREFERRED EXPERIENCE
Security related certifications such as CISA, CISSP, CISM, CRISC, or Security+
Experience with BWise/SAI360 GRC
GRC power user
Familiarity with the SOC 2 process and controls
Familiarity with the Unified Compliance Framework and/or similar IT/security frameworks
Ability to prepare presentations, status reports, process narratives and workflow diagrams
Demonstrated ability to plan, schedule, and coordinate work, and to maintain elevated levels of confidentiality and professionalism
Permanent