Principal IT Risk Analyst - Infrastructure

Citizens Bank, Johnston, RI
108d, Hybrid

About The Position

The Principal IT Risk Analyst (Infrastructure) is responsible for providing oversight and governance of technology risks to ensure the organization operates in a safe and sound manner within regulatory expectations. This position is a backfill and will join a first-line risk team working directly with enterprise technology enablement teams (e.g., cloud-based infrastructure, storage, IT operations) to proactively identify, assess, and mitigate risk aligned with the enterprise risk appetite framework and industry best practices.

Requirements

  • Technical knowledge in Infrastructure, Storage, and Cloud Infrastructure.
  • Familiarity with:
      • Storage solutions and cyber recovery best practices
      • Operating systems: RHEL, Windows, VMware ESX
      • Security tools: Qualys, Wiz, Splunk, CyberArk
      • Network and infrastructure security best practices
  • Experience with tools like Excel, ServiceNow, DataDog, Tableau, or Grafana for data analysis and reporting.
  • Understanding of control frameworks (NIST, CoBIT, ITIL) and risk self-assessment.
  • Strong interpersonal, analytical, and writing skills.
  • Ability to work in a fast-paced, ambiguous environment with multiple priorities.
  • Minimum 7–10 years in IT, risk management, or internal audit with increasing responsibility.
  • Bachelor’s degree (IT/Security/Business) required; Master’s preferred.

Nice To Haves

  • CISA, CISM, CISSP, CRISC, AWS Cloud Practitioner, Azure Fundamentals.

Responsibilities

  • Serve as a technical Subject Matter Expert on projects and working groups, identifying risks and controls inherent in cloud-hosted infrastructure, storage, and IT Operations.
  • Collaborate with technical teams to document process maps, procedures, control adequacy worksheets, control test steps, and job aids using Visio, Confluence, and other enterprise documentation tools.
  • Respond to internal and external audits, regulatory exams, and other requests for information. Assist in evaluating findings and implementing corrective actions.
  • Identify risk issues, document them in GRC Archer, manage action plans, and provide evidence for closure.
  • Engage in Third Party Risk Management Program activities to manage technology risk for related service providers in assigned areas.
  • Analyze and interpret risk and security data from tools such as GRC, Splunk, DataDog, ServiceNow, Nexus, and Qualys to identify trends and gaps.
  • Partner with risk colleagues to complete RCSAs, ad-hoc risk assessments, procedure updates, and other risk management activities.
  • Develop well-written, data-driven risk reports within deadlines.
  • Act as a liaison with business stakeholders to identify, track, and manage technology risk exposure.
  • Manage multiple time-sensitive workloads using Jira and other productivity tools.
  • Stay current on changes to infrastructure processes, internal policies, and industry trends to assess potential risk impacts.
  • Build strong relationships with business partners, Audit, Governance teams, and SMEs to support risk mitigation.