The Third Party Technology Risk Analyst will be responsible for leading risk assessments and identifying and mitigating risks across an enterprise environment as well as supporting external audit and regulatory deliverables. This role will provide the right candidate with an opportunity to gain exposure to a variety of business functions and make an impact within a critical and highly visible organization.
Responsibilities
Provide independent advice, facilitation, monitoring and assessment activities on a risk basis. Define, measure and report on technology-related risks
Support the improvement of principles, policies and governance processes, as well as maintaining minimum control standards, guidelines and key operating procedures, to enable identification, management, reporting and mitigation of risks related to information technology
Provide constructive review and challenge on the implementation and operation of 1st Line Controls, risk and control assessment results, and control initiatives, specifically relating to information technology
Provide risk management guidance/advice to the 1st line on the management of risks, controls and compliance relating to information technology
Assist with the implementation of financial systems process changes and ad-hoc control reviews to ensure the control environment remains strong as systems and processes evolve
Participate in and lead assessment working groups as necessary to understand and evaluate changes in the risk environment. Perform deep dives and reviews in high-risk areas to determine compliance with IT controls, and review and provide recommendations on remediation activities
Monitor the remediation around control weaknesses to ensure timely resolution
Assist in the vendor risk management program as necessary to monitor and analyze risks and determine the overall information risk profile and health of the third-party vendors
Experience in creating Risk Management KPI/KRI and Dashboards for leadership review is desired
Support Information Security Awareness training to staff and contractors
Serve as 2nd line of defense and coordinator for all compliance, internal/external audit and information security inquiries and engagements
Experience with controls automation and data analytics is desired
Qualifications:
Bachelor's degree or equivalent work experience; experience in either Information Technology Risk & Control or Risk Management, ideally within the financial services industry
1 to 3 years of directly related experience in Information Security or Risk Management
1 to 3 years of demonstrated Governance, Risk and Compliance or IT/IS Audit related experience is required
Relevant professional certifications, or working towards attainment, such as: Certified in Risk and Information Systems Controls (CRISC), Certified Information System Auditor (CISA)
Technology and technology risk assessment skills (e.g. cloud technologies, IT operations, data center services, storage and databases, server virtualization, cybersecurity operations and data privacy)
Working knowledge of relevant assessment frameworks and/or industry standards (e.g. COBIT 19) is a plus. Understanding of risk management principles, experience in risk management and experience in regulatory frameworks for information technology is a plus
Exceptional organizational skills to balance work and lead projects
Strong cross-functional influencing skills and proven ability to work with outside advisors
Highly proficient with data analytics and reporting (e.g. PowerBI, Excel, PowerPoint)
Strong professional written and verbal communication skills, including senior executive engagement