IT Risk Analyst
Full time, direct hire
Contact Mary at email@example.com
- Responsible for hands-on execution of control testing/risk assessments and the development of control enhancement recommendations. Performs engagement efforts with IT stakeholders and conducts discovery activities for evaluation and design of new controls. Updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. Adheres to the IT Risk program standards utilizing industry best practice frameworks such as COBIT, ITIL, SANS, NIST, Basel, GLBA, SOX, PCI-DSS, FFIEC, etc.
- Coordinates Enterprise Risk Management (ERM) functions to align the IT Risk Program elements with ERM processes, to support strategic business objectives and oversight of the Risk Controls Self-Assessment (RCSA) process for Information Technology.
- Facilitates regulatory exam and audit efforts within Information Technology, including collecting audit documentation, scheduling meetings, providing audit responses for audit reports, and assisting management with responding to audit findings and recommendations.
- Monitors and tracks audit remediation efforts and ensures follow-up reporting through the audit lifecycle.
- Coordinates validation efforts and control review for the Disaster Recovery and Business Continuity program.
- Bachelor's degree or equivalent experience, preferably in computer science or information systems.
- Extensive experience working in IT with 5+ years in a risk role that includes defining strategy, implementing new processes, project management and Information Technology audit practices.
- 3 to 5 years of experience in IT Controls testing.
- Experience with working in IT Risk domains to include Change Management, Asset Management (Hardware & Software), Enterprise operations Infrastructure Management, security operations, and secure software development.
- Experience working both independently and in a team-oriented, collaborative environment. Ability to conduct research into technology-related risks and controls.
- Experience acting as a liaison to internal audit/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders.
- Excellent written and verbal communication skills, with a proven track record of interacting effectively with business partners or clients.
- Working knowledge of information technology and security risk management frameworks and compliance practices such as NIST, COBIT 5.1, and the ITIL framework.
- Ability to develop IT Risk Management standards and guidelines based on best practices and industry standards.
- IT Business Continuity planning experience preferred, especially IT Disaster Recovery planning.
- Technical or professional certifications in field of specialization highly recommended. CISA, CRISC, CISSP or CISM preferred.
- Specialized knowledge and experience in DevSecOps and Cloud Security.
Senior Recruiting Consultant
To apply for this job email your details to firstname.lastname@example.org