0185 Risk Analyst IV
The Risk Analyst position is vital to assessing risks and managing compliance processes within our digital platforms, business units and functions.
Responsible for managing the day-to-day operation and effectiveness of Information Risk Management and Security-related programs and initiatives.
Provides guidance to customers on Information Management, Information Protection, and Intellectual Property Rights for IT.
Provides guidance to business unit leaders to ensure understanding, appropriate rigor, and prioritization in management of risk as well as providing periodic updates on the state of compliance.
Ideal candidates will be able to grasp the concepts of risk management and mitigation and apply these concepts to constantly changing operating environments.
Knowledge of and experience with Industry Policies, Standards and Controls (e.g., NIST 800-53, ISO 27001).
Information Systems Risk Management and Assurance – Knowledge of the methods and technologies including resource requirements and limitations that are used as controls to protect information and information systems, ensuring physical and logical information security and the maintenance of confidentiality, integrity and availability.
Information Security Audit Management – Leads or participates in preparation, engagement, response and remediation phases of Information Security and Data Privacy Audit activities.
Understanding of computer systems and architecture.
Able to understand and develop knowledge on specific digital platform capabilities and business requirements.
Able to conduct research on emerging cyber trends and apply in the context of the business/IT environment.
Facilitate risk assessment exercises, perform compliance and risk monitoring/validation, and other compliance assurance exercises as required.
Knowledge of effective influencing tactics and strategies; ability to impact decisions within and outside assigned area.
Communicates in a clear and concise manner both orally and in writing.
Ability to explain detailed IT concepts and solutions in business terms and make complex materials clear and engaging.
Write technical reports / risk assessments in appropriate language for the business to understand the risks and mitigation strategies.
Ability to assess, identify and coordinate the implementation of the appropriate IRM processes/procedures.
Utilizes qualitative and quantitative risk analysis best practices to provide a clear decision-making framework for managing information risk.
A self-starter that demonstrates “One Team” behaviors and can influence others.
Capable of building team consensus and work effectively and collaboratively in multi-discipline, multi-cultural environment.
BS in Computer Science, preferred not required.