Senior IT Risk Analyst

Rockland Trust Company, Plymouth, MA
Hybrid

About The Position

Senior IT Risk Analyst (First Line of Defense)

Rockland Trust is seeking a Senior IT Risk Analyst to advance the Bank’s First Line of Defense IT Risk Management Program. This is a hybrid role, 3 days Mon-Wed in the Plymouth office then remaining days working remotely. This senior professional contributes to the identification, assessment, and mitigation of technology risks, providing informed recommendations to IT and business stakeholders. The role emphasizes accountability for high-quality risk assessments, strong judgment in interpreting results, and proactive contributions to process improvement and risk awareness across the organization. This role serves as a resource and mentor to less-experienced colleagues, supporting development and consistent execution of sound risk management practices. The Senior IT Risk Analyst works closely with stakeholders across IT and business areas to ensure risks are adequately identified and managed, controls are designed and operating effectively, and necessary remediation activities are completed in a timely manner.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
  • Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
  • Must be able to work the hybrid schedule: 3 days Mon-Wed in the Plymouth office, then work remotely the remaining days.
  • Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
  • Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
  • Demonstrated ability to communicate complex IT risk and control concepts effectively, both in writing and verbally, to technical and non-technical stakeholders.
  • Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/or regulatory stakeholders.
  • Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
  • Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.

Nice To Haves

  • Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent.
  • Financial services industry experience.

Responsibilities

IT Risk Assessment & Control Evaluation

  • Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
  • Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
  • Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
  • Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
  • Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank’s systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.

Risk Communication & Issue Resolution

  • Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
  • Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
  • Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
  • Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.

Program Support & Mentorship

  • Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
  • Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
  • Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
  • Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.

Benefits

  • Competitive compensation with performance incentive awards
  • Health Insurance
  • Dental Insurance
  • a 401K and DC Plan for your retirement
  • LTD & Life Insurance
  • Vacation Time
  • Day Care Reimbursement
  • Tuition Assistance for graduate and undergraduate programs
  • an Award Winning Wellness program and much more!