Sr Enterprise IT Risk Analyst

  • State Employees' Credit Union
  • Raleigh - Salisbury St
  • 7mo ago
  • Full-Time
  • On-site

If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!

PURPOSE:

As an Enterprise IT Risk Analyst, you will assess, test, document, and monitor the SECU technology ecosystem to ensure the IT control environment effectively mitigates risks associated with an ever-changing threat landscape. The Enterprise IT Risk Analyst will possess a wide range of technical and interpersonal skills to bridge the gap between technology organizations and the business. Must have a big-picture perspective, ability to execute end-to-end risk management processes, and ability to quickly establish trust and build productive relationships across multiple departments. The Enterprise IT Risk Analyst will require expertise to perform technology risk assessments, provide input to and/or document IT policies, standards, and guidelines, develop, monitor, and track risk remediation plans, and aggregate and report key risk metrics to senior stakeholders.

KEY RESPONSIBILITIES
 

  • Perform technology risk assessments of SECU applications and business processes.
  • Document risk assessment processes and procedures.
  • Develop and deliver written risk reports that quantify risk exposure and highlight control deficiencies.
  • Provide input to the review of IT Policies, Standards, and Guidelines to ensure company assets are adequately protected and to ensure compliance with relevant legislation and legal interpretation.
  • Promote security education and awareness throughout the company.
  • Partner with risk remediation owners and issues management to establish remediation plans with milestones and target dates.
  • Ensure adequacy of risk remediation plans and establish follow-up routines to monitor progress.  
  • Quantify inherent and residual IT risk levels to enhance analytics, inform prioritizations, and support management reporting.
  • Execute ad-hoc or advanced technology risk assessments that may not fit a prescribed assessment pattern. 
  • Establish and maintain an enterprise IT control inventory mapped to relevant industry guidance (e.g., NIST).
  • Engage senior leaders in IT to facilitate annual IT Policy and Standard lifecycle reviews.
  • Partner with relevant stakeholders to establish clear and consistent IT risk reporting, metrics, KRIs, and KPIs to inform decision making.
  • Provide guidance, coaching, and direction for more junior employees as appropriate.
  • Demonstrate the ability to communicate clearly, effectively, and efficiently, no matter the audience.

Functional Skills:
 

  • Leadership, teamwork, collaboration, self-driven and effective communication skills - both written and verbal.
  • Advanced proficiency in one or more of the following: 
    • Risk and controls assessments
    • Documenting and maintaining IT Policies / Standards
    • IT Risk aggregation, reporting, KPI/KRIs
    • Issues management
    • Third party risk management 
  • Thorough knowledge of various industry security standards and frameworks including: NIST, ISO 27001, PCI.
  • Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
  • Experience working in a financial institution or heavily regulated environment.
  • Ability to operate with a high degree of independence to effectively manage schedules and competing priorities.
  • Ability to build relationships and trust with colleagues and subordinates in an accelerated manner via radical candor, vulnerability, and honesty.
  • Ability to communicate clearly, effectively, and efficiently, no matter the audience.
  • Proven experience successfully leading moderate to large-scale projects and initiatives.

EDUCATION / EXPERIENCE:

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent educational experience.
  • At least 5 years of experience in a related field.
  • Professional certifications such as:  CISSP, CISA, CISM, CRISC, or other relevant industry certification.

Job Environment:

  • Remote working and remote options are available.
  • Office setting with physical proximity to other employees is also intermittently required.
  • Some background noise from other employees and their activities can be expected.

PHYSICAL DEMANDS:

  • Must be able to comprehend and carry out verbal and written instructions.
  • Job requires a substantial amount of sitting.
  • Use hands and fingers to press keys on a computer keyboard to enter or retrieve information.
  • Use hands and fingers to press telephone keypad and lift telephone receiver.
  • Must be able to comprehend phone calls.
  • Must be able to lift 5 pounds.

SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law.

Disclaimer

State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.