Senior Technology Risk Analyst – Monitoring and Testing

About The Position

Requirements

• 5–7 years of progressive experience in IT risk management, information security, or internal audit.
• Working knowledge of control frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and/or ITIL.
• Experience conducting or supporting RCSAs, control testing, and risk assessments in a regulated environment.
• Strong analytical and problem-solving skills with the ability to interpret complex data and translate findings into actionable recommendations.
• Demonstrated ability to manage multiple concurrent priorities with minimal oversight.
• Strong interpersonal and written communication skills; able to convey technical risk concepts to non-technical stakeholders.
• Proficiency with GRC platforms (e.g., Archer), ITSM tools (e.g., ServiceNow, Jira), and security tools (e.g., Splunk, Qualys, DataDog, Wiz, and/or CyberArk).
• Experience with cloud platforms such as AWS, Azure

Nice To Haves

• Experience in a regulated financial institution or banking environment.
• Familiarity with cloud infrastructure risk, cyber recovery, or third-party risk management.
• Prior experience responding to regulatory exams or supporting audit remediation.
• One or more of the following certifications are preferred: CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISM (Certified Information Security Manager) AWS Cloud Practitioner or Microsoft Azure Fundamentals
• Familiarity with reporting tools (Tableau, PowerBi)

Responsibilities

• Lead planning and execution of control monitoring and testing across multiple complex technology and cybersecurity processes, ensuring adherence to methodology, timelines, and quality standards.
• Independently perform and/or oversee control design and operating effectiveness testing; review workpapers and evidence for completeness, accuracy, and audit readiness.
• Assess material controls and evaluate whether enhanced controls and remediation actions are effective to support issue validation and closure.
• Ensure testing results are documented clearly and accurately in the system of record and supporting tools, producing audit-ready documentation suitable for QA, Internal Audit, and Regulatory review.
• Proactively escalate significant control deficiencies, emerging risks, and delivery risks; drive follow-up with stakeholders to achieve timely resolution.
• Lead issue validation testing to confirm remediation effectiveness and provide evidence-based recommendations to support issue closure.
• Support and/or lead Risk and Control Self-Assessments (RCSAs), including creation and validation of process maps that reflect key processes, risks, and controls.
• Lead identification and prioritization of opportunities to enhance testing through automation, data analytics, and improved key control metrics (KRIs/KCMs); partner with stakeholders to support implementation.
• Strengthen continuous monitoring by refining metrics, improving coverage, and leveraging trend and anomaly analysis to increase risk signal and reduce noise.
• Build and expand trusted relationships across business and technology stakeholders; influence outcomes through compelling, fact-based analysis and clear recommendations.
• Mentor junior analysts on risk methodology, documentation standards, and analytical techniques.
• Stay current on regulatory changes, emerging technology risks, and evolving industry frameworks.
• Proactively pursue ongoing professional development, including relevant certifications, industry training, etc. to maintain current knowledge in a rapidly evolving field.