IT Risk Management Analyst

About the position

The purpose of this role is to support the NAU IT team with their risk management activities as well as engaging with the Enterprise Risk Management (ERM) team to execute the risk management program. Additionally, the role is responsible for ensuring adherence to relevant policies and standards governing Risk and Control Self-Assessment across the NAU IT organization, providing ongoing education and training, facilitating risk and control identification and assessment, and reporting progress and issues. The role will work closely with various teams to provide assurance over the Risk Management framework.

Responsibilities

• Deliver insightful reporting on IT Risk Management activities.
• Collect risk information and metrics to support monitoring against risk appetite.
• Ensure adherence to all Risk standards within the organization.
• Perform data quality monitoring and correct issues to ensure completeness and accuracy.
• Lead the IT Risk Control and Self Assessment (RCSA) and complete in Insight.
• Complete the Risk Maturity Self-Assessment.
• Maintain controls and lead semi-annual control testing efforts.
• Track IT Major Incidents and follow-up actions, including incidents flagged for Problem Management.
• Coordinate post-mortem reviews and lead monthly update meetings.
• Track P0 requests and review in monthly update meeting.
• Track and manage issues and incidents to ensure that evidence is submitted by the due dates set, which includes leading the monthly issue review meeting.
• Complete the quarterly Risk Appetite Statements.
• Coordinate QBE policy and minimum control standards (MCS) reviews.
• Participate in policy update meetings with QBE and socialize changes to NAU.
• Coordinate Access Revalidations including tracking results and tickets to completion.
• Participate in internal audits.
• Coordinate NAIC with US Map and agent surveys.
• NY DFS Attestation.
• Monitor the UIT/Shadow IT register and provide monthly UIT updates.
• Coordinate penetration testing and track any issues created from the findings.
• Coordinate Due North scheduling.
• Prepare the DISO monthly presentation.
• Coordinate Application Attestation and report on the results.
• Complete Supplier and SAQ reviews.
• Provide training to employees on risk management responsibilities.
• Prepare Risk Management communications including IT Update newsletter articles.
• Support the 'Second Line of Defense' role by monitoring business unit risk management activities.
• Maintain a strong network with risk professionals internally and externally.
• Identify and escalate relevant trends or changes in the external environment.
• Meet deadlines for stakeholder requirements and respond to ad-hoc requests promptly.

Requirements

• Some relevant risk management work experience, preferably within Information Technology.

Nice-to-haves

• Insurance industry experience is preferred.
• Experience in delivering Risk Management services.
• Experience in Cyber Security or Information Technology.
• Experience in data analytics.
• Exposure to insurance or financial services in a similar role is preferred.

Benefits

• Hybrid Working - a mix of working from home and in the office.
• 22 weeks of paid leave for family growth, with 12 weeks available to all parents on a gender-equal basis.
• Competitive 401(k) program with company match up to 8%.
• Well-being program including holistic wellbeing coaching, gym membership, confidential counselling, financial and legal advice.
• Tuition Reimbursement for professional certifications, and continuing education.
• Employee Network and Community - QBE actively supports six Employee Networks, and many ways to give back to your community.