|Senior Information Technology Risk Analyst
This position is hybrid, with 2-3 days in the Jersey City Office
pay range: 60-70/hr
This role is with the Strategy and Governance Division in the Information Technology Risk (ITRM) Team which provides First Line-of-Defense Risk Management support for the technology dept. ITRM is responsible for assessing the adequacy of the control environment across U.S. Operations (MUSO). The group conducts Information Technology risk assessments, including but not limited to application, infrastructure, cyber risk, project and risk exception assessments and report on areas of effectiveness or inadequacy of the internal controls.
This ideal candidate will be a Senior IT Risk Analyst, a SME, a team player, able to collaborate, communicate effectively and clearly with IT and business staff, representing the IT Risk Management group. This highly motivated analyst will be capable to bring his/her breathe of IT risk knowledge into his/her assignment leveraging an understanding of NIST, COBIT and FFIEC frameworks, to his/her assignments. Be able to work on multiple tasks simultaneously with minimal impact. A knowledge of the inner working of an IT environment (i.e. infrastructure, network, software development, etc.) is highly desirable.
Must have working knowledge of operational bank processes and correlate them with impact should an operational process fail.
Key responsibilities include:
- Conduct IT risk assessments (i.e. application, cyber, cloud, infrastructure, policy/risk exception) using industry standard methodology, identifying control deficiencies and propose mitigating solutions aligning with MUSO standards
- Assist in the development and implementation of IT risk initiatives, including the writing of procedures and run books (i.e. formulating and validating KRI/KPI)
- Partner with colleagues and stakeholders from IT and/or business areas to gather information, assess, come up with recommendation should controls be inefficient and report on the assessment results to management.
- Provide root cause analysis on production issues and be able to draw a conclusion on the production issues based on the information collected
- Work on risk management projects, schedule meetings with the stakeholder & stakeholder follow ups until the project is successfully completed
- Minimum of 5 years in financial institutions as an IT risk analyst performing assessments and hands on IT software development
- Working knowledge of investment and banking products
- Strong business, analytical, quantitative, problem-solving and decision making skills
- Strong knowledge of COBIT, NIST, FFIEC frameworks etc.
- Solid understanding of project life cycle (SDLC)
- Superior communication skills: both written and oral with technical and non-technical staff. Able to articulate issues clearly and succinctly; willingness to escalate issues w here needed
- Advanced user of Excel
- Self-starter, with strong interest in learning, able to work with limited instructions. Be able to work with agility due to change in directions with minimal impact to quality and take responsibility/accountability in his/her assignments
- Tolerance and understanding of multiple cultures
- Knowledgeable in using Archer, SeviceNow, VISIO, PowerPoint, Word
- Able to think 'out of the box' and work efficiently