Senior IT Risk & Compliance Analyst
The Senior IT Risk and Compliance Analyst assists in the administration, maintenance, development and/or implementation of risk management procedures to ensure that controls are adequate and effective for information systems and business functions. The individual in this position performs regular risk management and technology compliance functions and plays a key role in supporting technology, cybersecurity, and ongoing compliance-related activities.
Responsibilities
- Partners with technology teams to perform the research and analysis required to design and implement information security and technical controls.
- Participates in the translation of regulatory driven requirements and makes recommendations for improvements where possible.
- Ensures controls and risks are documented and updated as needed.
- Coordinates and tracks open audit and policy exceptions.
- Conducts reviews to ensure that remediation or mitigation plans are completed in a timely manner.
- Prepares and presents key reporting metrics and dashboards on a regular basis.
- Develops communications for IT risk management and compliance activities for staff within all business units and offices.
- Takes the lead in maintaining risk management policies, standards, processes, and procedures.
- Develops and maintains risk appetite statement(s).
- Identifies potential risks and maintains a risk register with remediation plans.
- Ensures proper log monitoring, reporting and escalation of events.
- Reviews third party contract agreements and validates required controls are adequately represented.
- When assigned, serves as lead for security and compliance projects. This includes communicating across technical organizations and creating design, testing, and deployment plans.
- Other duties as assigned.
Required skills
- Strong analytical skills, including the ability to analyze the effectiveness of IT General Controls.
- Basic knowledge of Microsoft Windows Operating Systems.
- Strong knowledge of industry frameworks and processes, such as International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST) and IT Service Management (ITSM).
- Fundamental knowledge of regulatory compliance laws and guidelines such as GDPR, Privacy Shield, SOX, and FFIEC.
- Ability to adapt to changing business processes, technologies, and environments.
- Strong written and verbal communication skills.
- Excellent organizational skills.
- Ability to train others on risk management concepts.
- Demonstrated ability to work effectively with a team.
Education and experience
- Bachelor’s degree in Management Information Systems, Information Security or a related field.
- 5+ years of experience in Information Security and Information Technology audit.
- CISA, CRISC or other relevant security certifications are highly desirable.