10874 - Sr. Risk Operation Analyst - Integrated Risk Management "IRM"

Hyundai Autoever America, Irvine, CA
Onsite

About The Position

The Risk Operations Senior Analyst plays a critical role within the Integrated Risk Management team, supporting the CISO organization by operating and continuously improving core technology risk processes. This role is responsible for maintaining the technology control library, policies, and standards, and for executing risk operations including Technology Risk Assessments, Risk Issue Management, and Risk Exception Management. The role also owns risk data integrity and reporting, producing dashboards and insights that track remediation progress, risk posture, and control effectiveness across the organization. This position requires a blend of risk expertise, operational rigor, stakeholder management, and strong analytical and reporting skills. The key responsibilities of this role are as described below:

Requirements

  • Experience: 7+ years of experience in Technology Risk, Cyber Risk, GRC, or IT Risk Management. Hands-on experience running technology risk assessments, issue management, exception processes and maintaining control libraries, policies, and standards. Familiarity with GRC platforms.
  • Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science or a related field.
  • Technical Expertise: Strong knowledge of technology control frameworks (e.g., NIST CSF/800-53, ISO 27001, CIS). Proven ability to create risk dashboards and executive-level reporting. Strong analytical, documentation, and process design skills.
  • Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.

Nice To Haves

  • Experience: Team leadership experience working within a CISO organization or large enterprise technology environment. Implementation or maintenance experience with GRC platforms. 5+ years of experience in a top-tier professional services firm, performing technology audit and/or risk management engagements.
  • Education and Certifications: Master’s degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer are highly desirable.
  • Language Skills: Bilingual proficiency in English and Korean is preferred to support global coordination and communication.

Responsibilities

  • Technology Control Framework & Documentation
      • Maintain and evolve the enterprise technology control library, ensuring alignment with internal policies, standards, and external frameworks (e.g., NIST CSF 2.0, ISO 27001, CIS).
      • Own the lifecycle management of technology risk policies and standards, including updates, reviews, approvals, and communications.
      • Ensure controls, policies, and standards are clearly mapped to regulatory, legal, and business requirements.
  • Risk Operations Execution
      • Run and continuously improve core Risk Operations processes, including:
          • Technology Risk Assessments (consistently assessing the inherent risk and control effectiveness within the environment)
          • Risk Issue Management (identification, validation, remediation tracking, closure)
          • Risk Exception Management (intake, assessment, approvals, renewals, expirations)
      • Ensure risk processes are executed consistently, on time, and in accordance with defined methodologies.
      • Act as a subject matter expert for risk process guidance to technology, security, and business teams.
  • Risk Tracking, Reporting & Dashboards
      • Design, build, and maintain risk dashboards and reporting that provide transparency into:
          • Open risk issues and remediation status
          • Exception volumes, aging, risk aggregation and trends
          • Risk assessment outcomes and key risk indicators (KRIs)
      • Translate risk data into meaningful insights for senior leadership, customers and risk committees.
      • Ensure accuracy, completeness, and audit-readiness of risk data across systems.
  • Stakeholder & Governance Engagement
      • Partner closely with Customers, Senior and Executive Leaders, Legal and other groups to drive timely remediation and risk ownership.
      • Support internal and external audits, regulatory inquiries, and risk governance forums with clear documentation and reporting.
  • Process Improvement & Tooling
      • Identify opportunities to streamline and automate risk operations workflows.
      • Support enhancements to GRC and risk tooling, including requirements definition, testing, and adoption.
      • Contribute to the maturation of the Integrated Risk Management operating model.