IT Risk Analyst

About The Position

Requirements

• Bachelor’s degree in information technology, cybersecurity, risk management, computer science, or related area
• 2-4 years of experience in IT risk management, IT audit, cybersecurity, or related roles
• Familiarity with property/casualty insurance industry operations and relevant regulatory requirements (e.g. NAIC Model Law, PCI-DSS)
• Foundational knowledge of Internal controls and core IT technologies and processes (e.g. network systems, operating systems, databases, change control tools and processes, computer systems operations, application and system development, help desk and incident monitoring, information security, data backup, retention and recovery, IT vendor management, asset management, disaster recovery)
• Familiarity with risk assessment methodologies and GRC tools
• Good written and verbal communication skills
• Attention to detail with the ability to follow processes and standards
• Proficiency in Microsoft Office products
• Work collaboratively and manage competing priorities, especially when translating expectations between third line or external audit assurance groups and first line risk and controls owners within IT
• Ensure strong relationship management and value demonstration to a wide set of stakeholders
• Identify, assess, and prioritize IT risks
• Multitask and work closely and effectively with other employees
• High degree of attention to detail and organization
• Maintain a high volume of work with few mistakes or delays

Nice To Haves

• Master’s degree in Information Technology, Cybersecurity, Risk Management, Computer Science, or related area; MBA also considered
• One or more of the following professional certifications such as CISA, CISM, CRISC, or CISSP are strongly preferred
• IT risk frameworks (e.g. NIST CSF, COBIT) in the insurance or financial services industry
• IT systems and technologies including ServiceNow, Saviynt, Workday, SAP, Salesforce, Guidewire
• IT risk management for emerging technologies such as AI, machine learning, cloud computing, process automation, data analytics, etc.

Responsibilities

• Contribute to documentation of IT risk management policies, standards, and processes
• Help maintain alignment with company objectives and regulatory requirements
• Perform analysis of key IT Risk performance/risk indicators for management
• Support internal and external IT risk assessments as dictated by the senior team members
• Contribute to IT risk appetites, tolerances, and mitigation plans related to IT systems as dictated by the senior team members
• Support monitoring activities of 1st line access reviews for general users, privileged users, and passwords
• Coordinate with IT to maintain an IT risk register, control library, and assign risk ownership
• Support regulatory readiness efforts and governance assessments for the information technology controls environment
• Research industry trends, emerging threats, and evolving regulations
• Contribute to training company stakeholders on IT risk
• Contribute to Enterprise Risk Management team’s reporting and processes (e.g. key risks, watch list risks, AI Systems Program)

Benefits

• 401k Match
• Medical
• Dental
• Vision
• PTO
• Paid Holidays
• Tuition Reimbursement