Principal Technology Risk Analyst

About The Position

Requirements

• 7+ years’ experience in information technology risk, cyber security, controls, or audit roles.
• BA/BS/MS in in computer science, technology, cybersecurity, or a related field of study preferred.
• Expert knowledge of cloud security, containerization, API, DevOps, secure software development, application security, databases, and operating systems.
• Demonstrated technical abilities in multiple areas (e.g., technology infrastructure and application controls, cyber security, access management, network and cloud, resiliency, etc.).
• Experience performing Technology risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations.
• Understanding of artificial intelligence, machine learning, LLM, data science, and Robotic Process Automation (RPA) tools.
• Ability to work simultaneously on multiple tasks and lead team priorities and workload.
• Knowledge of Industry standards, frameworks, and best practices, such as NIST, SOC Program, SOX, ISO27001.
• Your excellent verbal and written communication skills enabling you to prepare and present recommendations to senior management.

Nice To Haves

• Preferred hands-on skills with various Programming/Scripting Languages (Python, PowerShell, Java, etc.), audit testing tools, and automation.
• Professional technology risk certifications (CISSP, CISA, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred.
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer is preferred.

Responsibilities

• Conducting in-depth information technology risk and cyber security control assessments of existing production applications, systems currently being developed using emerging technologies and technology infrastructure.
• Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation.
• Develop data analysis and apply innovative automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses.
• Provide technical assistance on risk-related systems issues and monitoring controls related to application security, CI/CD programs, regulatory requirements and serve as a liaison for technology risk management.
• Assist with conducting Cloud, SaaS risk assessments and readiness reviews for applications using AI/ML technologies.
• Determining appropriate KPIs/KRIs for IT risk monitoring.
• Understanding and consulting on information security standards and industry best practices.
• Manage IT Controls program activities; this includes managing the Controls Inventory in GRC/OpenPages and control documentation and performing IT Controls Testing to meet internal assurance and external audit requirements.
• Liaison with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.