IT Risk Associate

About The Position

Requirements

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or a related field. An equivalent combination of education, training, and relevant experience will be considered.
• 3-5 years of experience (including internships or co-op placements) in IT risk management, cybersecurity, IT audit, compliance, or a related area.
• Exposure to risk assessment or compliance processes in a corporate or regulated environment is highly valued.
• Basic understanding of IT systems, networks, and security principles (e.g., access controls, vulnerability management, business continuity, data protection).
• Awareness of risk management and security frameworks or standards such as NIST, ISO 27001, CIS Controls, and regulatory compliance requirements (e.g., NY DFS 23 NYCRR 500, HIPAA) is a plus.
• Strong analytical and problem-solving abilities.
• Capable of interpreting data and technical information to evaluate risk levels and remediation priorities.
• High attention to detail in documentation and analysis.
• Excellent written and verbal communication skills.
• Able to prepare clear reports and presentations on risk findings and convey technical information in business-friendly language.
• Comfortable engaging with employees at various levels, from technical IT staff to business managers.
• Strong time management abilities with the capacity to manage multiple tasks and priorities in a fast-paced environment.
• Proactive in meeting deadlines and following up on outstanding items.
• Proficiency with Microsoft Excel, Word, and PowerPoint for analysis, documentation, and reporting.
• Ability to learn and use risk management or GRC software and other security tools quickly.

Responsibilities

• Assist in planning and conducting technology risk assessments for systems, applications, and business processes.
• Help identify potential security vulnerabilities, control gaps, and emerging technology risks; evaluate their likelihood and impact; and contribute to developing mitigation plans.
• Document risk assessment findings, recommendations, and remediation plans for review by senior leaders.
• Help maintain and update the organization's risk and control inventory, including inherent risk ratings, control mappings, and residual risk calculations, in alignment with the Cyber Risk Management Framework.
• Support maintaining and improving the governance framework for information security and IT risk.
• Assist in drafting, reviewing, and updating risk management policies, procedures, and standards to align with best practices and regulatory requirements.
• Log, monitor, and follow-up on identified risk issues, control exceptions, and cybersecurity incidents.
• Coordinate with issue owners in IT and business units to drive remediation actions and risk mitigation plans to completion.
• Help develop and track Key Risk Indicators (KRIs) and other risk metrics to measure the organization's technology risk posture.
• Stay current on IT and cybersecurity risk trends, emerging threats, and best-practice frameworks (such as NIST CSF, ISO 27001, COBIT) and applicable regulations.
• Proactively suggest enhancements to risk assessment processes, tools, and controls.

Benefits

• PTO
• medical
• dental
• vision
• retirement savings
• disability insurance
• life insurance