IT Risk Analyst Resume Samples
4.5
(108 votes) for
IT Risk Analyst Resume Samples
The Guide To Resume Tailoring
Guide the recruiter to the conclusion that you are the best candidate for the it risk analyst job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.
Craft your perfect resume by picking job responsibilities written by professional recruiters
Pick from the thousands of curated job responsibilities used by the leading companies
Tailor your resume & cover letter with wording that best fits for each job you apply
Resume Builder
Create a Resume in Minutes with Professional Resume Templates
CHOOSE THE BEST TEMPLATE
- Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS
- Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES
- Instantly download in PDF format or share a custom link.
BS
B Shanahan
Brycen
Shanahan
789 Schimmel Plain
Boston
MA
+1 (555) 776 6521
789 Schimmel Plain
Boston
MA
Phone
p
+1 (555) 776 6521
Experience
Experience
Houston, TX
IT Risk Analyst
Houston, TX
Macejkovic and Sons
Houston, TX
IT Risk Analyst
- Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Provide cover for the IT Risk Manager
- Provides risk mitigation recommendations and works with technology and business partners to help mitigate technology risk observations
- Performs regular reviews, and contributes to development and maintenance of information technology processes, standards, templates, tools and techniques
- Acts as technical advisor to recommend solutions for project managers, analysts, system development resources, and trainers
- Report risk performance against established enterprise risk metrics
- Conduct 3rd party/vendor IT risk reviews to ensure compliance with Regions 3rd party management framework and vendor has adequate IT controls in place
Chicago, IL
Senior IT Risk Analyst
Chicago, IL
McClure and Sons
Chicago, IL
Senior IT Risk Analyst
- Develops and provides organizational ERM training and creates awareness through assisting in regular ERM framework updates
- Assist in the development and implementation of new IT risk initiatives, including policies, processes and awareness programs
- Support the IT Risk Manager on the implementation of information technology risk management strategy and operating priorities
- Helps develop, implement, monitor and manage risk mitigation programs for the enterprise
- Monitor Outsourced Suppliers' performance to identify and correct performance problems
- Provide oversight of key components of the Company’s third party risk management program
- Assist Management with producing metrics and executive level status reports
present
Phoenix, AZ
Principal IT Risk Analyst
Phoenix, AZ
Altenwerth LLC
present
Phoenix, AZ
Principal IT Risk Analyst
present
- Contributes to managing the strategic development and improvement of risk frameworks, methodologies and limits. Contributes to strategy of CTS risk reporting
- Leads high-impact and complex projects that involve working with the businesses to improve controls that would mitigate any deficiencies
- Develops and improves risk systems, methodologies and limits
- Leads major risk evaluations and delivers results and recommendations to business areas and Technology management
- Provides high value input into risk reports on highly complex issues
- Presents reports to the business areas and CTS management
- Technology Compliance Steering Committee (TCSC): Represent Digital Workplace on both the US and International TCSC forums
Education
Education
Bachelor’s Degree in Computer Science
Bachelor’s Degree in Computer Science
University of Tennessee
Bachelor’s Degree in Computer Science
Skills
Skills
- Knowledge and experience with vulnerability scanning solutions such as Qualys, Rapid7, Nexpose, and Tenable Nessus
- Provides understanding of business analysis concepts and principles and a basic knowledge of concepts and principles in other technology areas
- Excellent analytical ability, and planning/organization skills
- Good planning, coordination and implementation skills, and the ability to work across towers and functions to deliver and execute
- Excellent leadership skills, organizational skills, and the ability to work independently is essential
- Ability to learn quickly, manage through systems and common processes
- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities
- Ability to prepare and deliver professional training media
- Ability to develop strong working relationships, and manage by influence
- Strong knowledge of Microsoft Office with Excel, Outlook, and PowerPoint skills
15 IT Risk Analyst resume templates
Read our complete resume writing guides
1
IT Risk Analyst Resume Examples & Samples
- Supporting timely identification of items requiring review
- Agreeing scope of each review with CS RMs and Key Stakeholders
- Identifying and evaluating the risks and potential impacts posed by those services, technologies or infrastructures
- Ensuring those technologies support compliance with Corporate Policies & Standards, Regulatory direction and best business and technology practices
- Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Summarising material risk gaps and remediation strategies into structured, easy to understand management reports that can then be used by the RMs to drive compliance to best risk management practices throughout the organization
- Providing timely feedback and guidance (both formal and informal) to the CS RMs and Stakeholders on concerns identified
- Supporting team success by collaborating on selected reviews and sharing technical, risk and controls knowledge across the team and broader community
- 3-5 years of deep technical work experience in one or more areas of infrastructure (e.g. UNIX, Windows, mainframe), databases (e.g. DB2, Oracle, SQL Server), mobile and networks is required plus a basic to good awareness of the other technologies
- 3-5 years related business experience, including Risk Management and/or Technology Audit functions
- Comfortable debating issues with senior decision makers and providing appropriate challenge where necessary
- Stong understanding of IT control policies and the associated implementation issues
- Strong written and verbal presentation skills to a wide variety of senior managers across the organization
- CISSP, CISM/CISA, or CRISC certifications a plus
2
IT Risk Analyst Resume Examples & Samples
- Identify gaps and areas of opportunity within the environment
- Develop and implement solutions to close the gaps and mitigate risks
- Lead and provide guidance for voice security and security related projects
- Perform periodic reviews of the voice infrastructure to ensure ongoing compliance to corporate policies and procedures
- Ensure all documentation current and accessible by the Unified Communications team
- Work closely with key Voice Vendors
- Proactive development of Operational processes and procedures
- Engineering escalation and follow-up
- Knowledge / experience in multiple voice platforms (e.g., trading floor, Cisco, Avaya, VoIP, voice recording)
- Worked in Financial Services or regulated industry
- Excellent analytic and problem solving skills, positive self-starter with proactive approach
- Ability to solve risk / security issues with both tactical and long-term solutions
- Good planning, coordination and implementation skills, and the ability to work across towers and functions to deliver and execute
- Comfortable working both individually on set objectives and collaboratively with GTI and LOB staff on a broader set objectives
- Ability to develop strong working relationships, and manage by influence
3
IT Risk Analyst Senior Resume Examples & Samples
- Evaluate the application of proper IT risk controls and standards within the voice infrastructure
- Oversight and governance of the Risk and Control Self Assessment (RCSA) process
- Participate in audits of the voice infrastructure
- Provide support and consultancy to the Unified Communications team
- Training /knowledge transfer as required
- Technical advice and recommendations of best practice for voice systems/platforms globally in relation to risk and security
- Provide weekly and monthly metrics on team performance and workload
- Information Security
- Understanding of telephony
- Information Security or Risk Management certification
- Excellent time management and personal task prioritization
- Ability to work well in a high-pressure and dynamic environment
4
Senior IT Risk Analyst Resume Examples & Samples
- Support the IT Risk Manager on the implementation of information technology risk management strategy and operating priorities
- Support the integration of the IT Risk Management practices into key Information Technology and business areas
- Build effective relationships with key individuals who own and support processes you are responsible for evaluating, including the appropriate line-of-business risk managers
- Perform ongoing planning and prioritization of key projects and activities to ensure that resources are applied to the most critical areas. Communicate with the IT Risk Manager, as needed, to ensure proper prioritization and management of workload
- Participate on projects and ensure that key IT risks are being adequately addressed. Coordinate with project managers to ensure that issues are identified, action plans are in place and that PLC requirements are being met
- Perform risk assessments on key IT processes or assets, identify vulnerabilities and propose solutions to mitigate risk. Perform due diligence and risk assessments on IT service providers
- Work with IT areas in developing an effective self-assessment process for proactively identifying risks associated with processes, applications and technical infrastructure components
- Support compliance with applicable regulations, which include, but is not limited to the following: the FDIC Improvement Act, the Sarbanes-Oxley Act of 2002 and the Gramm-Leach-Bliley Act of 1999
- Support the resolution of Internal Audit, regulatory, or Risk Management related issues that could impact the confidentially, availability or integrity of data or processes
- Create effective risk assessment documentation supporting work performed, including formal communication on risk assessment results. Be able to deliver effective presentations to management on summary of work performed and findings
5
IT Risk Analyst Resume Examples & Samples
- Using established methodologies, conduct technical reviews of infrastructure projects e.g. risk assessments of workstation and server platforms, database, network and virtualisation technologies
- Assist other teams in the IT Risk organisation with technical reviews of business application systems and provide guidance as a subject matter expert for infrastructure components
- Provide IT risk engagement on a variety of projects and provide consultancy and advice on security best practices to clients within the project team and the business
- Establish and maintain close working relationships with clients across the IT organisation and work closely with those clients to evaluate the security implications of any proposed changes to the bank’s infrastructure. Assess each change to identify areas where proposals do not meet internal bank or regulatory policies, standards and guidelines
- Produce formal reports (e.g. risk assessment documentation) on each solution and take responsibility for ensuring that risks are tracked to remediation or acceptance by the business and IT owners
- Assist in finding pragmatic, cost effective solutions to identified security and risk issues
- Work closely to align security advice with other divisions within the bank, such as Security Architecture
6
IT Risk Analyst Resume Examples & Samples
- Perform and lead assessments across all BU and Corporate IT operations and services performing security audits, IT process design/operational reviews and risk assessments across Adobe and 3rd party service providers
- Develop audit programs, analyze complex processes, assess risks, evaluate for efficiencies and identify opportunities for improvement
- Identify internal controls issues, ensure they are well-defined and root causes are analyzed
- Summarize and document results of testing for management reporting including proper disposition of test exceptions
7
IT Risk Analyst Resume Examples & Samples
- Degree in a scientific, computing, mathematical or engineering degree or equivalent experience
- Professional certifications in key technologies (e.g. CISSP/CCNA/CCSE/CEH/CHFI/PDP/CIPP etc)
- Extensive IT Risk security experience, ideally within an IT Environment in a large financial services organization and/or in consulting. Understanding of the impact of technology on banking systems, ideally with some Product knowledge, Fixed Income, Equities etc
- Understanding and knowledge of risk s and controls relations to Data Management risks, including understanding of the related regulatory environment
- Excellent knowledge of Risk Assessment ‘methodologies’ and outstanding communication skills/ experience with facing demanding clients
- Proven track record in delivery of quality IT Risk services to IT and business with aggressive deadlines
- Solid relationship management and client focus skills
- Excellent written, interpersonal and presentation skills
- Ability to work autonomously within projects
8
Senior IT Risk Analyst Resume Examples & Samples
- Initially, you’ll need to understand the business, know our revenue model, know our business and underlying systems and applications and get that figured out quickly. You’ll also get exposure to different people and teams and start building your relationships and trust with them
- Shortly after, you’ll need to execute and review test work for IT general controls (covering areas such as logical access, change management, etc) for in-scope applications and systems
- Throughout the year we will execute several specialized projects that cover the major risk themes identified by Management, so be prepared to bring your wealth of experience and knowledge to tackle unique challenges and provide high-value to the company
9
Senior IT Risk Analyst Resume Examples & Samples
- One to two years’ experience in IT Governance, Risk, and Compliance methodologies and tools within the financial services sector
- In depth experience in third party/vendor due diligence around cybersecurity risk
- Strong understanding of NIST Cybersecurity Framework, GLBA, FFIEC Cybersecurity Assessment Tool (CAT), FFIEC Multi-factor Authentication (MFA), SOX, and PCI requirements
- Experience with the Archer or another Governance, Risk and Compliance (GRC) tool
- Experience with cybersecurity controls framework (NIST 800-53, ISO-27001)
- One year experience in writing IT policies, standards, and guidelines
- Experience in two of the three areas: IT Audit, IT Risk, and Information Security
- Experience working with Bank Supervisory Agencies (FDIC, NCCOB, OCC and/or FRB)
- Previous banking or financial services experience
10
IT Risk Analyst, Specialist Resume Examples & Samples
- Ongoing development and Implementation of all aspects of the Company’s security framework
- Embedding and operation of information security controls and strategies
- Ensuring ongoing compliance with and suitability of information security policies and standards
- Coordinate 3rd party certifications
- Drive and embed the risk framework, including risk mitigation and control improvement
- Coordinate perimeter and application security testing and remediation of issues that arise from testing
- Coordinate data ownership and protection
- Contribute responses to RFI, RFP and due diligence questionnaires and visits
- Incident management response coordination
- Evaluating security implications of specialised business/IT requirements
- Risk/Gap analysis
- Preparation and completion of security related projects and programmes
- Involvement in business and IT projects to ensure appropriate controls from the start
- Act as a point of expert reference on all Information risk related issues
- Provides value input into risk reports. Presents reports to the business areas and CTS management
- Leads projects that involve working with the businesses to improve controls that would mitigate any deficiencies. Ensures controls meet regulatory and organization standards
- Ensures that existing control practices and procedures are documented. Reviews documentation for evidence of successful and efficient performance
- Remains aware of CTS and market trends to determine potential risks to the organization. Recommends any resulting change needed to mitigate risk
- Contributes to the achievement of related teams' objectives
11
IT Risk Analyst Resume Examples & Samples
- Be responsible for establishing strong working relationships with Application Development, Information Security, Continuity of Business, as well as other Business/Operations/Infrastructure Risk Management teams
- Coordinate or manage technology components of Internal and External audits. Assist development teams in responding to audit requests, perform review of deliverables for completeness and accuracy as needed
- Ability to analyze large amounts of data, decipher items relevant to the development unit covered, and determine corresponding risk
12
Principal IT Risk Analyst Resume Examples & Samples
- Identifies, analyzes, monitors and minimizes the most complex areas of risk that pertain to information technology
- Leads coordination with disaster recovery and data security teams
- Provides high value input into risk reports on highly complex issues
- Presents reports to the business areas and CTS management
- Leads high-impact and complex projects that involve working with the businesses to improve controls that would mitigate any deficiencies
- Ensures controls meet regulatory and organization standards
- Develops and improves risk systems, methodologies and limits
- Uses expertise of CTS and market trends to determine potential risks to the organization
- Recommends and leads any resulting change needed to mitigate risk
- Contributes to the achievement of area objectives
13
IT Risk Analyst Resume Examples & Samples
- Minimum 3 years of experience in IT risk assessment and analysis
- Minimum 3 years of experience with IT GRC or equivalent risk or security management system
- Minimum 2 years working for a bank or financial institution or similar large institution
14
IT Risk Analyst Resume Examples & Samples
- 4+ years functional business experience with demonstrated business analysis experience and knowledge of credit, risk analytics and IT
- Robust knowledge of risk data architectures
- Experience in the banking industry specifically with risk models and/or AIRB implementations an asset
- Experience in SQL, Java, SAS, Software Design and Documentation, Software Development, Software Requirements, Software Maintenance, Date Models and Data Maintenance
- Works on complex assignments requiring continuous periods of concentration, with periodic interruption, may be required to work outside normal business hours to meet project deadlines or support implementations
- Good knowledge of data quality and data governance concepts and controls
- Strong analytical skills; proven team player
- Designs new computer programs by analyzing business/modelling requirements; constructing workflow charts and diagrams; studying system capabilities; writing specifications
- Designs and Develop new User Interfaces for data capture step as part of the deployment of the Risk models architecture
- Maintains system protocols by writing and updating procedures
- Maintains and develop the data bridges between the Enterprise data warehouse and the Risk Analytics data
- Prepares technical reports by collecting, analyzing, and summarizing information and trends
- Conduct User Acceptance Testing to verify performance, reliability, and any issues
- Assess and analyze statistics and data developed by the Risk team and interpret into usable and actionable information
- Assess and analyze the various business models developed by the Risk Analytics team and their integration with the business, processes, and systems
- Have a thorough knowledge and understanding of CWB’s systems
- Act as a liaison between the Risk Analytics team, and the IT team
- Research and development of future product and software enhancements and initiatives
15
IT Risk Analyst Resume Examples & Samples
- Manage the multi-location SOC1 and SOC2 audits including planning and communication with external auditors and coordination of evidence collection with internal process owners
- Conduct risk assessment and analysis of the enterprise IT controls portfolio in order to plan and coordinate compliance activities across multiple product delivery organizations
- Construct and deliver written and verbal communications to all levels of the organization with clarity, to technical and non-technical people, in order to communicate status, open risks, and drive resolution and remediation of IT risks in a timely manner
- Maintain IT risk register including meeting with risk owners, adding, updating and closing risks as needed
- Influence people and teams to address risks through effective communications, very positive personal presence, and a proven understanding of the business and technical factors
- Investigate risk and compliance issues and help develop corrective actions and preventive measures
- Manage IT policies and standards including annual refresh of all documentation, creation of IT policies, and management of IT policy exceptions
- 5-7 years of experience with IT compliance and risk programs, or security processes within information technology
- Bachelor's degree in Information Systems or Technology or equivalent work based experience
- Experience with SOC Audits
- Prior or current information security certifications such as CISSP, CISM, CISA, CRISC, CGEIT or equivalent
- Demonstrable experience with IT disciplines and operational processes
- Experience working with Archer or another risk management tool is a bonus
- Understanding of the SOX IT Controls, ISO27001, and exposure to Security or IT audit activities
- Market understanding of Equifax businesses and products preferred
- Demonstrable experience in the planning and delivery of IT projects that encompass multiple teams
16
IT Risk Analyst Resume Examples & Samples
- Through analysis, identify IT risks and activities that need to be addressed and IT controls that need to be implemented prior to go live/legal day one
- Evaluate existing IT policies, objectives and requirements to accurately identify and document required activities to be completed
- Responsible for providing advisory support in the development of action and remediation plan to manage associated risk
- Act as an internal subject matter expert and develop organization capability around risk identification remediation and/or mitigation
- Document and report status of agreed upon activities, remediation plans, owners and commitment dates
- Track and update/close identified activities, gaps and potential risks
- Assist in ensuring accurate data capture of activities and IT risks in support of risk reporting for all levels of management
- Maintain strong and effective working relationships with all areas of IT, Risk Management, and extended Compliance Teams
- BA or BS in information technology, or related field, or equivalent certifications or equivalent work experience
- 3+ years relevant industry experience in IT Control and/or IT Compliance
- High degree of personal initiative and sense of urgency
- Strong communication, facilitation and consensus-building skills
- Demonstrated relationship-building skills, with a superior ability to make things happen through the use of positive influence
- Ability to work in a fast-paced, deadline-oriented, and dynamic environment
- Advanced PC skills including word processing, spreadsheet and database applications
- ISACA certification: CRISC and/or CISA
- Project management experience (at least 2 years)
- Information Technology experience (at least 2 years)
17
Senior IT Risk Analyst Resume Examples & Samples
- Certification such CISA, CIA, CISM, CISSP or CRISC preferred
- Minimum 5-8 years of experience in one or more of the following areas: IT audit, IT risk, or other experience involving design and/or operational control effectiveness validation and testing
- Must have experience in preparing reports and providing recommendations
- Knowledge of one or more of the following: COBIT, NIST, SOX, SSAE16, GLBA, PCI, IT Risk Management, Information Security, IT Controls, and/or IT Audit practices
- Good organizational and time management skills, must be highly detail oriented
- See above skills
18
IT Risk Analyst Resume Examples & Samples
- Collaborates with stakeholders from business units and support functions to develop risk assessment plans for different business units
- Develops and participates in 3rd party risk assessment program
- Facilitates meetings with business unit leaders as part of the risk assessment discussions, capture discussion notes and generate meeting summary
- Performs risk assessments across different business units and support functions
- Analyzes risk management practices, perform gap analysis and develop findings and assessment reports
- Develops metrics and reports for senior management
- Maintains risk register, track remediation activities and analyse residual risks
- Monitors and tracks exception requests and approvals
- Maintains and periodically updates risk management policies, standards and procedures
- Bachelor’s Degree (Business Administration, Risk Management, Information Security, Management Information Systems (MIS), Computer Science or related IT field) or high school degree and 6 years of work experience in any business-related field
- Experience of working in risk management programs in a global environment
- Experience in performing risk assessments and creating remediation plan
- Project management experience including full lifecycle implementation
- Ability to analyze a wide variety of data and make appropriate decisions
- Ability to set priorities, develop workflow processes and manage staff
- Critical thinking and strategic planning skills
- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities
- Ability to write and speak in the English language
- In-depth pharmaceutical industry and drug development experience
- Experience with governance, risk, and compliance (GRC) tools (e.g., Archer, Open Pages)
19
IT Risk Analyst, Senior Specialist Resume Examples & Samples
- IT audit/controls experience
- Project/program management for enterprise-level technology risk initiatives
- InfoSec experience helpful
- IT technical/development/operational experience helpful
- Understanding of IT service management principles helpful
- ISACA certs are very nice to have
20
IT Risk Analyst Resume Examples & Samples
- Develop and implement risk ownership, standards, policies, and guidelines for the enterprise
- Monitor and ensure compliance with industry and government rules and regulations
- Lead activities to ensure security compliance that meets all contractual requirements
- Report risk performance against established enterprise risk metrics
- Serve as an internal subject matter expert, interfacing with internal and external audit teams on all regulatory compliance audits, related processes and testing efforts
- Monitor and ensure compliance with applicable industry and government rules and regulations
- Conduct technical research as needed to aid with threat assessment or risk mitigation activities
- Perform additional risk management activities as needed
- General business acumen and process knowledge
- Strong communication skills (written, verbal and presentation)
- Experience with change in a dynamic business environment
- Ability to train risk concepts to non-technical people
- CRISC, CISA or CBCP preferred
- Experience in SharePoint and reporting services (preferred)
- In-depth knowledge of IT Security Management risk practices
- Broad knowledge in analyzing and applying information security, risk management, and privacy practices or policies
- Experience in strategy definition or program management (preferred)
- Experience as a consultant (preferred)
- Experience in threat, vulnerability, business continuity, and risk assessment
- Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, EU DPD, HIPAA and PCI DSS
- Minimum of 10 years' experience in IT roles to include collaboration with senior leadership
- Minimum of 5 years' experience in an IT-Business liaison role (preferred)
21
IT Risk Analyst Resume Examples & Samples
- Conduct 3rd party/vendor IT risk reviews to ensure compliance with Regions 3rd party management framework and vendor has adequate IT controls in place
- Conduct targeted internal risk and control assessments on current and/or emerging IT risks
- Conduct pre-implementation reviews to ensure appropriate IT controls in place for key projects/initiatives
- Provide IT risk advisory/consultative business partnering on key projects, initiatives, and/or emerging risk items to address complex IT risk and compliance considerations
- Develop reports to effectively communicate risks, findings, and recommendations for improvement and discuss results with key stakeholders
- Work with key stakeholders to ensure identified risks have proper response and/or are adequately mitigated
- Track mitigation and resolution of IT risk issues
- Attendance and active participation in a number of IT related Project Steering Committees and working groups
- Background and/ or experience in IT Audit, IT Security, and/or IT compliance
- Depth of knowledge in Information Technology risk management
- Solid understanding of Information Technology, System Development, Information Security including the key existing and emerging risks
- Experience or knowledge of 3rd party/vendor management lifecycle
- Experience in a Financial Institution and/ or Public Accounting
- Excellent oral and written communication skills and the ability to work effectively with employees at all levels of the organization (up to and including Senior Management)
- Receptive to guidance from manager and ability to effectively communicate results to manager
- Excellent leadership skills, organizational skills, and the ability to work independently is essential
- Proficiency with Microsoft Excel, Word, and PowerPoint is required
22
External IT Risk Analyst Resume Examples & Samples
- Minimum 2-5 years of experience in one or more of the following areas: IT risk assessments, IT vendor management and/or information security governance
- Must have experience in preparing vendor audit reports and providing recommendations
- Excellent communication and negotiation skills and experience working with multiple internal and external groups
- Ability to learn quickly, manage through systems and common processes
- Knowledge of applicable regulations and audit standards such as: ISO, SOX, SSAE16, GLBA
- Experience in evaluating risk/compliance requirements
23
IT Risk Analyst Resume Examples & Samples
- Assists the Information Security staff in identifying, developing, implementing and maintaining vulnerability management processes across the organization to reduce risks, and limit exposure to liability in order to reduce financial loss to the organization
- Responsible for vulnerability scanning architecture, system security designs, implementation and management of information security systems and/or programs for the protection of the environment
- Executes security controls to prevent hackers from infiltrating company information or jeopardizing programs
- Researches attempted efforts to compromise security protocol and recommends solutions
- Maintains vulnerability management systems
- Maintains company firewall and utilizes applicable encryption methods
- Creates information security documentation related to work area and completes requests in accordance with company requirements
- Responds to information security-related questions and inquiries using established information security tools and procedures
- Resolves and/or performs follow through to resolve all information security issues and questions
- Implements and administers information security controls using software and vendor security systems
- Identifies opportunities and executes plans to improve workflow and understands, quantifies business impacts of those improvements for communication to management
- Interfaces with user community to understand security needs and implements procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security
- Provides status reports on security matters to develop security risk analysis scenarios and response procedures
- Knowledge of networks technologies (protocols, design concepts, access control)
- Knowledge of security technologies (encryption, data protection, design, privilege access, etc.)
- Knowledge of network design and engineering
- Proficiency in planning, reporting, establishing goals and objectives, standards, priorities and schedules
- Basic to intermediate decision-making and problem solving skills
- Basic to intermediate verbal and written communication skills to technical and non-technical audiences of various levels in the organization
- Experience establishing and maintaining effective working relationships with employees and/or clients
- Knowledge and experience with vulnerability scanning solutions such as Qualys, Rapid7, Nexpose, and Tenable Nessus
- Knowledge and experience with programming languages such as Python, Ruby, Perl, etc
24
Senior IT Risk Analyst Resume Examples & Samples
- Helps develop, implement, monitor and manage risk mitigation programs for the enterprise
- Generates risk dashboard for the enterprise and business units, analyzes risk information and ensures dashboards are updated
- Monitors and reports on the response strategies for the enterprise’s top risks and any emerging risks
- Customizes risk reporting and develops dashboards to monitor risk trends and selects appropriate metrics to monitor the effectiveness of risk mitigation initiatives and the impact to the enterprise
- Supports the development and on-going production of enterprise risk management reporting and presentations for meetings with senior leadership and relevant risk committees
- Consults with Enterprise Risk Management leaders on strategic and risk related issues and problems as needed; however, a strong degree of independence and ability to problem-solve complex issues with limited supervision is a must
- Achieves a deep understanding of the Bank’s strategy and aligns risk assessments with business units and functional objectives to promote thinking about risk from both an operating and strategic perspective
- Performs both enterprise wide and targeted risk assessments from the design phase, identification and assessment of enterprise risks, through communicating/presenting results and analysis to Executive Management
- Leads cross-functional risk reviews related to new products or systems in order to identify any project risks early in the process to minimize surprises, increase project efficiency and ensure strong controls are in place
- Develops and provides organizational ERM training and creates awareness through assisting in regular ERM framework updates
- Produces ad-hoc risk reports to management and other related committees as needed
- Provide oversight of key components of the Company’s third party risk management program
- May review the work output of Enterprise Risk Analyst I’s
- Oversee regulatory (IT-related) change management initiatives
- Coordinates and completes special projects as assigned including projects intended to mature the ERM function
- Bachelor’s Degree (BA/BS) or equivalent, required
- Minimum of 5 years of IT Risk Management or IT Audit experience preferably in the financial industry
- CISA, CISSP, CISM, GIAC, or other industry related designations highly desirable
- Strong working knowledge of basic IT control areas including systems development & acquisition, project management, change management, problem management, capacity planning, information security programs, network security, business continuity & disaster recovery, vendor management, and application input/processing/output
- Ability to analyze complex information to provide insights and make strategic business recommendations designed to mitigate risk or recognize opportunities
- Demonstrate ability to independently manage multiple work efforts which may involve directing a multitude of business units/key stakeholders
- Expert knowledge in IT risk, controls, control testing, risk mitigation strategies, key performance indicators and key risk indicators
- Familiarity with mainframe and midrange platforms, operating systems, database management systems, networking, and web applications
- Knowledge and hands-on experience with data analysis using ACL preferred
- Familiarity with audit governance models such as COSO, COBIT, ITIL, ISO 17799 or PMBOK
- Knowledge of basic IT control areas including systems development & acquisition, project management, change management, problem management, capacity planning, information security programs, network security, business continuity & disaster recovery, vendor management, and application input/processing/output
- Experience and hands-on experience with data analysis using ACL preferred
25
IT Risk Analyst Resume Examples & Samples
- Experience working with Excel or Access - They will be pulling data from the backend for the Identity & Access Management team and will work with VLOOKUP, macros, pivot tables, etc
- Soft Skills is most important to the manager for this role --- need to have an eagerness to learn, need to be very driven and high potential individuals with excellent communication skills
- Passionate and interested in getting into an IT Risk role --- View this role as an entry point to IT Risk *Could come from any type of technical background, but must be sharp and interested in gaining more experience within Excel specific to Identity & Access Management risk
- Experience within IT Risk, Identity & Access Management or Information Security
- Experience using MS PowerPoint, MS Acess, MS Excel, and posess great documentation skills
- Must have attention to detail regarding gathering evidence and validating data specific to the Identity & Access Management group within the Risk organization. Must be able to work under time constraints with high quality of work and output
26
Senior IT Risk Analyst Resume Examples & Samples
- Presenting to senior level management on project updates on a weekly /monthly basis
- Responsible for the coordination, tracking and remediation of open action items as they arise from regulatory requirements
- Work closely with action item owners and internal audit to elicit and agree requirements, remediation steps and see progress to successful closure
- Build strong working relationships with both IT and business partners, establishing working groups and workshops with key IT stakeholders and vendors as required
- Conducts and is accountable for weekly tracking, coordination and reporting; ensuring proper escalation of issues to senior management
- Utilize SOX and IT Risk experience to support audits and regulatory projects
- 3+ years of experience in the IT industry, preferably in a financial services or consulting organization, focus on SOX and/or IT Risk
- Strong Sarbanes-Oxley and COBIT Framework familiarity
- Must have some experience presenting to management teams and providing status updates
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background
- Must have experience working with multiple teams and stakeholders to coordinate SOX related activities in a timely manner
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model
- Organizationally agile (i.e., the ability to work well with various levels and functions within the Company)
- Effective time management, problem solving and decision making skills
27
Senior IT Risk Analyst Resume Examples & Samples
- An earned Bachelor's degree, in any field, is required for this opening
- Ability to communicate complex issues and themes to stakeholders while serving as an independent advisor in identifying business issues, root causes and recommending both short term and long term action plans that address them
- The selected candidate will work in partnership with IT Risk, Audit, and Compliance Assessment teams and provide substantive guidance/advice to business partners during all phases of internal and external exams regarding deliverables and potential issues
- Because this exciting opportunity allows both hands-on technical and functional contributions to be made in defining and coordinating action plans for IT audit, IT compliance, and Data Protection, experience in these areas is helpful for success, but client will train the right candidate in these domains
- 3-6+ years professional experience with background in controls, audit, quality assurance, IT risk management, and/or compliance required; or equivalent subject matter expertise in a relevant business related function/operations
28
IT Risk Analyst Resume Examples & Samples
- Own and provide dedicated support for consistent and accurate completion of all IT and Operational Risk Assessment processes required for all Legal vendors as part of Third Party Oversight; maintaining information in the appropriate technology applications (Phoenix) and managing workflow through interaction with vendor
- Develop working relationships with contacts at the vendors and risk assessment teams to foster a partnership in completing activities
- Experience with IT Risk and other risk management issues, assessments and resolutions
- Ability to process improve using technology solutions (SharePoint, Excel, etc)
- Experience managing vendors or clients
- Strong data analysis, reporting and advanced Excel and PowerPoint skills
- Ability to focus and pay attention to detail
- Strong interpersonal skills with the ability to build relationships and networks across all levels of management
- Adaptable, versatile and flexible
- Excellent time management skills with ability to prioritize workload, while maintaining a high attention to detail
- Commitment to delivering high quality work
- Excellent communication skills, including oral, written and presentationSearch Jobs US
29
IT Risk Analyst Resume Examples & Samples
- Develop provisioning design and requirements based on general guidelines (medium scale)
- Perform QA testing for access provisioning and certification, aligned with corporate QA standards
- Develop and maintain technical documentation in support of access management processes, aligned with corporate documentation standards
- Provide Level 1 support for end users related to access provisioning and access certification
- Review security-related events, assessing severity, criticality and priority
- Analyze additional logs, forensic investigation procedures and protocols
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
- Manage internal vulnerability scans and work with Development and Operations colleagues to remediate findings
- Manage third-party penetration testing engagements
- Provide evidence of control compliance to auditors
- Assist with RFIs/RFPs and security due diligence
- Post-secondary diploma, certificate or degree in an IT-related discipline
- A current operational security credential (e.g. CISSP, GISP, etc.)
- 5-7 years security operations experience, preferable in financial services/government sector, etc
- Understanding of security tools like Burp Suite, nmap, web application scanners, etc
- Familiarity with CentOS/RHEL, Apache, Oracle, Java, Managed File Transfer Servers, etc
- Knowledge of Reverse Proxies, Firewalls/IPS, HTTPS/Ciphers, SSL Certificates
- Knowledge of Identity Management / Single Sign On, SAML
30
IT Risk Analyst Resume Examples & Samples
- Business analysis / requirements gathering on risk programs; build a business case for risk investments
- Create and manage strategic roadmaps; monitor industry for change in trends, instantiate roadmaps within the organization
- Develop processes and procedures for the IT Risk Program, including documentation, assessment finding mediation, assisting with remediation plan development, progress monitoring, and reporting across various activities
- Provide technology risk and information security support to various IT Risk activities, including: legal/regulatory/client inquiries
- Gather and analyze information or data on current and future trends of leading practices to inform IT Risk Program development and thinking
- Minimum 2-4 years of experience in IT industry, preferably in a financial services or consulting organization
- BS or BA degree, preferably in technology/business or equivalent
- Professional technology risk certifications strongly preferred (CISSP, CTPRP, CISA, CRISC, CISM)
31
Lead IT Risk Analyst Resume Examples & Samples
- Bachelor's degree in relevant fields
- 5+ years experience designing and implementing risk identifications and assessments
- Advanced data analytics experience
- Risk Management certification (CRISC, CGEIT, etc.) or degree
- Experience in business risk assessments
- Experience designing and implementing an IT risk identification and risk assessment
- Expertise quantifying risk
- A sound understanding of risk technologies and database structures
- Demonstrated project/program management skills
- Ability to understand, troubleshoot and describe complex policies and processes
- Demonstrated skill and passion for problem solving and operational excellence
32
Principal IT Risk Analyst Resume Examples & Samples
- ARCHER Exceptions: Drive reduction in Archer exceptions/issues to corporate policy
- Audit and Risk Reporting: Lead Digital Workplace’s involvement in external audits (e.g., ISO 27001) as well as RCSA, HLA, federal exam/regulatory reviews, and other internal/external continuous audits
- Corporate EAM Reviews: Work with Information Risk Management (IRM) and other key stakeholders to develop new policies and corporate guidelines to align to the evolving Digital Workplace technology landscape
- Technology Compliance Steering Committee (TCSC): Represent Digital Workplace on both the US and International TCSC forums
- Business Acumen
- Subject matter expertise in audit/compliance/risk management
33
Lead IT Risk Analyst Resume Examples & Samples
- Plan and perform IT risk assessments in the Security Services, Application Services, Technology Services, Quality Assurance and Enterprise Architecture departments
- Identify and assess business and technological risks and provide advice to management regarding the mitigation of these risks
- Identify issues in Policies, Procedures and Controls and write remediation plans
- Develop and maintain strong advisory relationships with other departments such as I.T., Internal Audit, Legal, Compliance, Business Continuity and other external audit organizations
- Support a strategic risk management culture and provide assistance to the business and technology groups
- Requires 5-7 years in Information Technology risk management
- Requires in-depth skills in and understanding of standards and frameworks such as ISO 27001, ISO9001, NIST, COBIT, FFIEC, ITIL and technology best practices
- Understanding of standards, laws and regulations from entities such as SEC, CFTC, CYBER SFC
- Experience with internal controls, risk assessment strategies, audit techniques, and project management
- Understanding of the risks associated with current and emerging technologies and the standards and controls being developed to mitigate those risks
- Proven analytical, problem solving and trouble shooting skills
- Diligent, strong initiative, a positive attitude, strong work ethic and a desire to accomplish goals
- Strong team player who works well with leaders and peers alike with a desire to contribute positive change
- Able to work independently, managing and prioritizing his/her assignments
- General knowledge of technologies that support regulatory requirements, settlement and clearing
- Experience with Governance and Risk & Compliance Software such as Archer or other eGRC tools
- Understanding of various technologies and ability to discuss risks and compliance within the technology departments such as: operating systems, networking, security operations, internet services, databases, messaging, PC services
- Proficient in the MS Office products, Adobe Acrobat, SharePoint
- Experience with document management tools (e.g., DMS, PolicyTech) is a plus
- Bachelor’s Degree in Computer Science, Accounting or Finance
- 5-7 years’ experience in Information Technology audit
34
IT Risk Analyst Resume Examples & Samples
- Works with the IT process and control owners throughout the organization to ensure that the process documentation, control activities and flowcharts are updated and reflect the key controls activities
- Contributes to the audit planning process; assists in the development of audit objectives and detailed test procedures that effectively address key controls and risks
- Coordinates the internal control reviews and related testing of the company's IT General and Application Controls
- Develops work papers that address the objectives of the audit program and support the conclusions reached during testing
- Assists in teaching the process and control owners of the company's internal control program to ensure that there is an understanding of control concepts and financial statement risk
- Ensures findings identified are timely communicated to management and assists with remediation plan documentation
- Assists with external audit requests, preparation of presentation decks to Management and adhoc projects
- Lead coordination and guidance effort for continuous improvement recording, reporting and process
- Support to the Information Security efforts
- Support Project Management activities
- Associate degree in information systems, business or regulatory compliance or 3 years’ work experience in compliance/regulatory environment
- >1 year experience in compliance related role including demonstrated knowledge of SOX, PCI, risk analysis
- Demonstrated strong business and technical writing experience
- Proficiency with Microsoft Office Suite
- Demonstrated strong analytical, problem solving, and organizational skills
- Demonstrated successful interpersonal and communication skills with the ability to interact with all levels of the organization building positive partnerships
- Ability to function at a high level of effectiveness, flexibility, independence and initiative without daily interaction with management
- Ability to excel in a fast paced environment managing multiple project work teams simultaneously, applying principles of project management
- ITIL/IT Service Management and Change Management processes
- Compliance Audit Experience
35
IT Risk Analyst Resume Examples & Samples
- Risk identification, measurement and aggregation and the understanding and management of risk through appropriate practices and processes,
- Develops or implements risk-assessment models or methodologies,
- Assesses and mitigates enterprise and business exposures through the identification of key and emerging risks and evaluates alignment with established risk strategy,
- Monitors the risk and recommends ways to control the environment to ensure that exposures are kept at acceptable levels and may consult on risk mitigation plans
- Minimum of 10 years of IT Security experience with at least 5 years of experience in IT Risk Management
- Bachelor Degree in Information Security, IT Risk Management, or equivalent experience
- One or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), GIAC Critical Controls Certification (GCCC), or GIAC Security Essentials (GSEC)
- Familiarity and experience with Frameworks such as NIST, CIS, COBIT, COSO, etc
- Desire and ability to learn new / up-and-coming technologies
- Strong written and verbal communication skills are required to effectively interact with internal and external partners on all levels to resolve issues and provide solutions in a timely manner
- Prior exposure to, and preferably experience with, SOX IT Audit, PCI and Privacy regulations
- Experience analyzing business processes and putting together process flow, and recommending process changes and efficiencies
- Effectively handle multiple assignments and prioritize accordingly
- Experience with GRC tools and policy / procedure development
- Self-starter and motivator; ability to work with minimum supervision
- Comfortable in an outsourced environment
36
Senior IT Risk Analyst Resume Examples & Samples
- Position is primarily responsible for leading and contributing to a team that analyzes IT risks and controls, with a specific focus on cyber risks and controls
- Coordinate and implement plans for cyber risk control gap analyses pertaining to systems and IT departments
- Prepare reports with recommended solutions to address assessment findings
- Enhance the existing IT project documentation review process and serve as the point person on the tracking of forthcoming IT controls
- Correlate departmental internal audit findings, penetration test findings, Sarbanes Oxley documentation, and compliance data to identify IT risk events and mitigating control
- Work with business unit managers to determine development of appropriate IT risk events and controls
- Report on effectiveness of IT risk initiatives and assess current risk to determine the need for enhancement
- Assist with training efforts on procedural changes and enhancements
- Assist in the development and implementation of new IT risk initiatives, including policies, processes and awareness programs
- Minimum 3 years’ experience with IT audit or IT risk required
- Experience working in financial industry or with FFIEC guidelines and experience required
- Demonstrated team leadership experience required
- Experience with issue tracking and remediation required
- Ability to work in a fast paced environment and execute multiple tasks successfully required
- Knowledge of the FFIEC Cybersecurity Assessment Tool preferred
- Knowledge of the NIST Security Framework preferred
- Experience leading technical and project documentation reviews strongly preferred
- Experience analyzing penetration test results preferred
- Experience in customer service and relationship building preferred
37
Senior IT Risk Analyst Resume Examples & Samples
- Ideal candidate will have relevant experience in an IT department along with at least 4 years in banking or financial services, or equivalent experience in a consulting capacity
- Prior experience analyzing and applying regulatory requirements to security practices
- Familiarity with changes and trends in the regulatory landscape
- Demonstrated organization, facilitation, communication, and presentation skills
- Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interdependencies
- Experience in designing and executing management testing of key controls, evaluating controls for effectiveness and efficiency
38
Principal IT Risk Analyst Resume Examples & Samples
- Technology Operational Risk including Risk & Control Self-Assessments (RCSAs) and High Level Assessment (HLA) for Technology
- TRM Strategy
- TRM Model including Technology Risk & Control Library (TRCL)
- TRM Policies & Standards
- Technology Risk Assessment Methodology (TRAM)
- TRM Risk Reporting including TRM Scorecard covering Key Risk Indications (KRIs)/ Key Performance Indicators (KPIs)
- Supports and drives the roadmap for establishing the Technology Risk Strategy, Operational Risk & Reporting service areas. Contributes to developing the strategic direction of the service
- Leads Technology Risk & Control Self-Assessments (RCSAs) and supports High Level Assessment (HLA) for Technology
- Liaise with multiple teams in identifying, analyzing, monitoring, and minimizing areas of risk that pertain to information technology
- Leads major risk evaluations and delivers results and recommendations to business areas and Technology management
- Uses in-depth knowledge of Technology risk and market trends to determine potential risks to the organization. Leads any resulting change needed to mitigate risk
- Contributes to managing the strategic development and improvement of risk frameworks, methodologies and limits. Contributes to strategy of CTS risk reporting
- Support measurement and in-depth analysis of simplified Technology Risk Reporting with Key Risk Indications (KRIs)/ Key Performance Indicators (KPIs) content creating transparency for each level of TRM Domains
- Produce Reports/Scorecards intended for relevant audience groups to drive technology risk reduction within defined risk appetite thresholds
- People manage a specialist team member
- Information Risk/Security and Technology background with focus on Technology Operational Risk OR Governance, Risk and Compliance activities
- Experience of Technology Risks frameworks and governance
- Experience of Technology Risks and Metrics analysis and reporting
- Knowledge of key regulations and industry standards such as ISO 27001&2, NIST SP800-53, NIST Cybersecurity Framework, etc
- Have industry recognised certifications e.g. CGEIT, CRISC, CISSP, CISA
- Strong presentation and stakeholder management skills
39
IT Risk Analyst Resume Examples & Samples
- Where applicable, assist in the performance of risk assessments related to information security controls and conduct application specific security assessments. The IT Risk Specialist will assist in the evaluation of the assessment results and propose remediation solutions
- Assist with vulnerability testing and participate in security configuration determinations
- Assist with access and control reviews
- Provide assistance in identifying risk(s) and associated controls required for ongoing processes, as well as proposed projects
- Manage the Change Advisory Board (CAB) meetings
- Assist in the investigation of security breaches, or potential breaches, and assist where required
- Assist in the development and implement information security procedures as required
- Perform other IT Risk Management activities as assigned
- Assist in routine security monitoring tasks
- Administer security software solutions as needed
- Liaison for Information Security team interacting with Information Security Operations, Audit and Risk
- Assist with Patch management program updates desktops, servers and applications
- Assist with Verify anti-virus solution installed on servers and desktops is current
- Assist with ancillary IT Governance, Risk and Compliance projects and directives as needed
- Strong written and verbal communication with solid presentation skills are a must
- Excellent analytical ability, and planning/organization skills
- Self-motivated to carry out assignments with minimal supervision and collaborate well with others
- Required: Bachelor’s Degree in Business, IT or related field or equivalent work experience
40
Principal IT Risk Analyst Resume Examples & Samples
- Ability to present complex IT risk and control concepts verbally and in writing
- Strong collaboration and consensus building skills
- In-depth understanding and ability to interpret regulatory requirements and control frameworks, including COSO, COBIT, NIST800-53, and others
- Ability to interpret results from various types of audits and control reviews (financial/SOX, SSAE16/SOC1/SOC2, internal audit, control self-assessments)
- Demonstrated skills in developing recommendations for control remediation and validation
- Proven ability to work with globally-dispersed and virtual teams
41
Assistant VP IT Risk Analyst Resume Examples & Samples
- The implementation of an efficient IT Risk Management framework within his entity in charge of IT activity whose components are declined from the Level 2 procedure ‘Risk ORC / ORC IT Risk Measurement and Management – Risk ORC / ORC IT Missions and Responsibilities’ and from the Level 2 procedure ‘Oversight of Risk ORC / ORC IT organization and Governance’. The management of IT risk operationally by assessing and treating appropriately the risks
- Creation and Maintenance of new policies and procedures, enhance the existing policies, procedures and IT Risk requirements (structure/program) as needed
- Ensuring existence of the appropriate IT organization structure in forecast/ESOP
- The follow-up (and production of regular reporting) of Métier/Region IT recommendations implementation (e.g. IG/Regulator/External/Permanent Control actions/Independent consultant) including the reminder to the implementation manager and the escalation at Métier/Region level in order to meet the Group objectives
- Investigate and record Historical and Potential IT Incidents. Ensuring the proper collection and analysis of IT historical incidents and the validation of Métier/Region IT incidents before the input in the dedicated Group system, based on CIB standardized criteria
- Contribute to the definition and follow-up of associated action plans in addition to regular reporting
- Coordinate the bi-annual input of the CIB standard IT OPC control plan results and the main points of attention related to the IT activity processes for the Function/Métier/Region in a Permanent control report
- Centralize and consolidate all information related to IT domains including those that are not directly under his direct responsibility. Validate the report with the IT Métier/Region management
- Organize Function/Métier/Region IT risk committee at least twice a year (according to Risk procedures)
- Identify Métier/Region IT risks perform the follow-up of those IT risks in CIB Archer, ensure that the analysis and evaluation of the underlying risks (via the mapping and analysis of historical incidents have an IT cause). Manage IT risk by assessing and appropriately treating the risks
- Contribute to the quantification of IT Métier/Region potential incidents (for AMA entities)
- Coordinate all IT permanent control actions for the Métier/Region to ensure a complete and efficient IT Risk Management Framework
- Deploy the IT Group Generic controls plans (at least the major ones); specific Metier/Regions controls may be used after having been mapped at least with the major IT Group major generic controls
- Act on behalf of management to ensure on-going deployment and maintenance of the controls. This includes providing management with status reporting and escalations when needed
- Develop sustainable processes, and controls, as required for the Information Security, Information Technology and Governance, as needed
- Coordinate with IT Risk Managers, team members, local management and Global CIB where needed, to provide reasonable assurance that the security program and IT Governance processes and controls are properly implemented and corrective actions are taken where needed
- Coordinate with all IT team managers and drive process development, control identification and implementation and other improvement initiatives including facilitation of RCSAs (Risk and Control self-assessments)
- Coordinate and lead the deployment of the mandatory procedures in the BNP Paribas Group IT Governance Framework and report to management on status/progress
- Coordinate with Information Security and Information Technology team managers, Global CIB, Group Governance Coordinator where needed, to produce other applicable reporting requirements, such as Control Plan Reports, Information Security Steering Committee dashboard reports, Global Security Indicator reports, Vulnerability Tracking reports, Monthly IT Production Control Status Reports and other applicable reporting requirements
- Coordinate with the appropriate personnel to perform internal controls assessments, report on the results or internal control assessments and coordinate any necessary follow up action to address control weaknesses or opportunities for improvement
- Liaise with the US Regulatory Affairs Team to identify IT procedure needs and assist with creation and maintenance and coordinate IT responses to regulatory questionnaires
- Liaise with NAR Métier OP, IT OPC Personnel and CIOs / CTO / CISO to coordinate escalations and follow-ups on IT risk remediation/mitigation actions as required
- Contribute to the development and management of IT policies and procedures for the Intermediate Holding Company (IHC) as well as Group, Global and Local IT
- Analyze CIB/IS North America IT Risks and interface with Bank of the West and First Hawaiian Bank personnel to prepare Technology Risk Reports for the IHC Board
42
IT Risk Analyst Resume Examples & Samples
- Develop risk management strategies that align with business goals and operations and protect the confidentiality, integrity and availability of information systems and our data
- Identify and document business risks, and coordinate remediation of vulnerabilities and threats using repeatable risk assessment methodologies and processes. This may include producing and analyzing output from infrastructure, database, data classifications or web application vulnerability assessments and developing spreadsheets, diagrams, Word documents and reports as requested
- Identify, document and disseminate IT security requirements to technology managers and business owners to remediate significant risks and achieve desired levels of confidentiality, integrity, and availability based on internal policies and industry best practices
- Communicate effectively with management, engineers, customers and others regarding the need of information security and to help them learn their roles and responsibilities in the implementation and maintenance of appropriate controls to mitigate significant risks
- Train assigned team members on security best practices
- Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments. Includes both in house systems and vendor based solutions covering Information Security, Business Continuity and compliance risk
- Identify and communicate recommended security and control deficiencies for business units. Document and monitor the implementation of controls for technology and business project plans
- Develop an overall risk management strategy for new or existing services with key business stakeholders
- A Bachelor’s Degree (or equivalent) and at least 3-5 years of experience in one of the following functions: Corporate/Risk Governance, Compliance, Project Management or related areas
- 3 years of security, information technology or technology risk management related work experience
- Strong communication and organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required
- Work independently, make decisions and multi-task effectively in a very diverse, project oriented environment
43
Senior IT Risk Analyst Resume Examples & Samples
- Actively monitor and utilize Placements Plus to ensure accurate vendor account placements as well as daily/monthly reporting
- Completion of all monthly control log activities and reporting including but not limited to complaint log maintenance, FDCPA training, OCA Placements etc
- Monitor Outsourced Suppliers' performance to identify and correct performance problems
- Active participation in monthly OCA vendor performance calls
- Adherence to all controls and compliance requirements
- Creation and management of monthly control log of vendor access to PDP and Columbus
- Perform testing and validation activities
- Customer complaint solutions
- Recommend and execute on ideas to increase teams overall efficiency/ effectiveness
- Assist with annual audits as needed
- 3 + years experience in financial services or similar industry. Associate's degree or Bachelor's degree in business or related may be used as a proxy for the experience
- Expert knowledge of general/standard office and administrative procedures and methods
- Expert data entry and word processing skills; Intermediate or advanced Microsoft Excel skills required
- Extensive knowledge of directly applicable departmental policy or procedure is required
- Advanced oral and written communication skills sufficient to provide information, answer inquiries, and refer calls
- Knowledge of Ally systems (CARS, Shaw, etc.) preferred
- Computer skills sufficient to operate on-line system and complex software or develop formulas for moderately sophisticated spreadsheets
- Ability to exercise judgment to research and solve operational problems where the answer is not apparent
- Ability to decide when approval of an unusual transaction exceeds assigned authority or would have broad ramifications, and to bring such incidents to the attention of the supervisor. Perform qualitative review of individual situations, identify trends, and make recommendations
44
IT Risk Analyst Resume Examples & Samples
- Experience evaluating security controls against weaknesses to identify IT risks
- Experience conducting risk assessments of IT systems with knowledge of risk management and commonly accepted security principles
- Familiarity with audit techniques, evaluating audit controls, and tracking remediation to compliance
- Ability to conduct on-site security assessments for compliance with Commonwealth and federal information security standards
- Experience creating and updating security documentation for diverse audiences
- Ability to independently research technical and compliance based issues and determine impact security trends may have on IT systems and business processes
- Ability to prioritize work to meet business objectives and deadlines
- Knowledge of project management techniques and methodologies
- Ability to identify and solve technical problems
- Professional experience with project management, information security, networks, operating systems, and secure software development
- Bachelor’s degree in Information Systems, Information Security, or related field or equivalent experience
- Industry certification in Information Security such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), Certified in Risk and Information Systems Control (CRISC), Applicable Global Information Assurance Certification (GIAC), Offensive Security Certified Professional or Expert (OSCP or OSCE), or Certified Ethical Hacker (CEH)
45
IT Risk Analyst Senior Resume Examples & Samples
- Performs risk assessments related to the Data Protection Program, Supplier Management and Enterprise Risk Management (ERM) programs along with consulting projects throughout various risk disciplines at FIS while identifying potential issues, control gaps, and potential process efficiencies
- Tracks, coordinates, and resolves issues identified in any and all related control, compliance, or risk work
- Requires varied interpersonal and technical skills
46
Senior IT Risk Analyst Resume Examples & Samples
- Own the security roadmap by working with security product owners and delivery leaders to develop multi-year plans that align capabilities with risks and threats
- Develop executive presentations on information security
- Coordinate key security touch points comprised of senior executives, track action items, and maintain presentation material
- Work with security project teams to ensure that project deliverables are aligned with the security roadmap, control program and risk management process
- Stay abreast of information security issues and regulatory changes affecting public companies. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position
- Bring groups together to share information and resources and create better decisions, policies and practices
- 5 – 8 years or more of enterprise level information security program management role Requires good interpersonal skills, ability to function in a fast paced, short-deadline environment, and the ability to come up with innovative cost-effective decisions
- Ability to communicate effectively with all levels of the organization’s workforce, while maintaining appropriate confidentiality
- Possess excellent writing and communication skills to effectively develop policies, and procedures, reports and documentation
- Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)
47
Senior IT Risk Analyst Resume Examples & Samples
- Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively
- Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response
- Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner
- Assist with the development and validation of remediation plans for technology deficiencies by providing effective challenge
- Minimum 3 years of experience performing risk management and analysis related activities
- Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA)
- Strong working experience with Microsoft Office Suite and GRC tools
- Ability to document and explain risks and vulnerabilities to both business and technical stakeholders
- Must have past experience performing vulnerability research and reporting
- Active in the technology industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies
48
IT Risk Analyst Resume Examples & Samples
- Bachelor’s degree in Computer Science mandatory. MBA preferred
- Professional certifications CRISC, CISA, CISSP, CISM, CGEIT or CIA preferred
- Minimum of 2 to 3 years of related experience in IT Audit, Information Technology Risk and Control, Information Security, Information Technology, Governance of Information Technology, or a related field is mandatory
- Experience in developing processes, implementing controls, writing or working with information security and technology policies or procedures and liaising with IT and Business personnel (at all levels)
- Familiarity with COBIT, ITIL, FFIEC, ISO/IEC 27001, ISO/IEC 9001, ISO/IEC 20000, SEC, SOX, GLBA, FINRA, Dodd-Frank and other related control frameworks or legislation and regulatory sources is a plus
- Strong communication skills, both verbal and written, diligent, detailed oriented, proactive is mandatory
- Good organizational skills, project management and ability to manage multiple tasks simultaneously
- Ability to work effectively, independently and within teams, to achieve management objectives
- Proactive and eager to take on new tasks and challenges,
- Ability to identify and propose opportunities for process (and control) improvements
- Ability to lead meetings and forward discussions, carry out day-to-day operational work while thinking and planning both tactically and strategically
- Ability to create executive level reporting
- Demonstrates Persistence, poise and perseverance and able to complete deliverable, accomplish goals and objective under pressure and within set timelines
- Proficient in MS Office (specifically Excel, PowerPoint, Word), VISIO, SharePoint,
- Experience with Archer system; or a similar Governance, Risk and Compliance Tool (GRC Tool)
49
IT Risk Analyst Resume Examples & Samples
- Assisting in the implementation of a standard operating model for the team for 2017 and into 2018, working with key stakeholders across the Business and Infrastructure functions. This will range from
- Designing Minimum Control Standards
- Designing and undertaking control assurance activities
- Developing and managing independent risk reporting
- Providing analysis of risks for technology operations
- Independently assessing material risks and/or key controls, providing challenge where needed
- Monitoring risk exposures and performance or key risk metrics, using and reviewing the risk type methodologies and supporting development of these where appropriate
- Supporting decision-making and approvals around risks and preparation of key risk documentation and reports
- Develop relationships with functions engaged in technology operations
- Undertake Risk Reviews of IT Control framework
- Manage incidents and crises as required within DB’s Crisis Management model
- Well-developed sense of personal accountability
- Strong work ethic and sense of urgency in personal approach to problems
- Ability to form relationships and capitalize upon them to achieve tangible objectives
- Highly self-motivated; robust decision making capability
- Experienced in influencing senior management
- Able to apply the ‘Culture and Beliefs’ of the Bank
- Minimum of 5 years of related experience, preferably in financial or consultancy firm
- AVP level in current role
- IT related experience or Risk Management within IT
- Demonstrable Operational/Non-Financial Risk Management skills
- Experience of working in major projects in large financial institution
- Demonstrable success managing and operating in a matrix environment that encompasses functional and geographical diversity
50
IT Risk Analyst Resume Examples & Samples
- Position will contribute to a team that analyzes IT risks and controls, with a specific focus on cyber risks and controls
- Correlate departmental internal audit findings, penetration test findings, Sarbanes Oxley documentation, and compliance data to identify IT risk events and mitigating controls
- Assist in the implementation of IT risk initiatives, including policies, processes and awareness programs
- Actively pursuing a Bachelor’s degree required
- Minimum 2 years’ experience with IT audit or IT risk required
- Experience performing IT control testing and creating related documentation required
- Experience executing risk assessments required
- Demonstrate timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction required
- Work independently with a minimum amount of supervision required
- Knowledge of ITIL process areas preferred
- Demonstrated ability in communicating effectively, both verbally and written preferred
- IT Consulting experience a plus
51
IT Risk Analyst Resume Examples & Samples
- Manage project and/ supervise staff to perform IT Risk Assessments, IT Advisory Reviews, IT Project Assessments, 3rd Party IT Testing, and other project reviews as identified
- Stay abreast of innovative business and technology trends in IT security, risk, and controls and advise leadership on technology initiatives. Obtain and maintain necessary training to keep current on the discipline of relevant industry and business specific topics
- Manage relationships with key stakeholders in the business and technology to ensure effective execution of the risk management framework during IT implementations, including the definition of IT security requirements within new systems
- Perform deep dives on IT security-related processes and systems
- Lead multiple stakeholders in agreement on appropriate solutions and verify that IT risks are mitigated appropriately. Verify that required controls are incorporated in new products
- Identify applicable regulatory risks from changes or releases to regulatory guidance and requirements and provide subject matter expertise for resolution and risk mitigation
- Manage targeted reviews of internal risk and control assessments on current and/or emerging IT risks
- Develop, track, and report on Key Risk Indicators (KRIs) for Information Technology
- Use subject matter expertise to provide independent challenge of Business Units’ processes for identification and assessment of IT risks and controls by performing activities such as process-level walkthroughs, control testing, etc
- Monitor, track, and report mitigation and resolution of IT risk issues
- Develop and manage reporting to effectively communicate key risks, findings, and recommendations for improvement and discuss results with key stakeholders
- Deep knowledge in Information Technology risk management
- Solid understanding of Information Technology, System Development, and Information Security including key existing and emerging risks
- Experience or knowledge of 3rd party/vendor management lifecycle is preferred
- Experience in a Financial Institution and/ or Public Accounting is preferred but not required
- Excellent oral and written communication skills and the ability to work effectively with employees at all levels of the organization (up to and including Senior and Executive Management)
- Receptive to guidance from manager and able to effectively communicate results to manager
52
Senior IT Risk Analyst Resume Examples & Samples
- Information Security certifications (CISSP, CISM, CISA)
- Risk management or IT risk experience
- Knowledge of ISO 27001, COBIT and ISO 31000
- Understanding of IT audit principles
53
IT Risk Analyst Resume Examples & Samples
- Provides expertise interpreting the compliance to the National Institute of Standards in Technology and other industry security standards
- Acts as technical advisor to recommend solutions for project managers, analysts, system development resources, and trainers
- Coordinates and participates in audits, vulnerability testing, and compliance reviews representing information technology functions in support of security, audit, and risk needs. Tracks and reports on remediation efforts. Escalates areas of risk and concern
- Performs information technology business continuity and disaster recovery risk assessments, and supports corrective actions
- Performs regular reviews, and contributes to development and maintenance of information technology processes, standards, templates, tools and techniques
- Responsible for facilitating, tracking, measuring, reporting and interpreting key information technology metrics
- Acts as liaison between corporate functions, internal/external clients, operations and technical staff
- Develops and maintains project communications and management reporting on quality reviews and audit and remediation activities
- Works in conjunction with other departments to ensure the best corporate solutions are architected and deployed
- 3 + years in designing, developing, implementing, managing, or supporting information technology solutions
- Prior work experience in information technology security, project management, data center operations, or application development or support
- Experience with vulnerability scanning and intrusion detection processes
- Demonstrated ability to meet regulatory agency standards, such as Sarbanes Oxley, SSAE16 or NIST
- Demonstrated knowledge and comprehension of technical system environments, including infrastructure networks, web applications, iSeries or Microsoft server systems, data storage, and packaged software products
- Ability to prepare and deliver professional training media
- Proven productivity and efficiency in completing deliverables
- Consistently accepts accountability for decisions made
- Demonstrated ability to develop new processes, analyze existing processes, and recommend improvements
- Demonstrated ability to complete complex and challenging assignments on time and with confidence
- Shows commitment to acquiring new knowledge and skills to improve success
- Demonstrated ability to identify business and customer needs, is able to effectively articulate at all levels and build strong customer and peer relationships
- Exceptional oral and written communication skills, presentation skills and team work
54
IT Risk Analyst, Specialist Resume Examples & Samples
- Large company and/or financial services experience strongly preferred
- Project/program management for technology and/or risk initiatives
- Other IT risk/governance/policy experience
- IT operational experience helpful
- Strong business/tech writing and presentation development skills helpful
- ISACA/PMI certification are nice to have
55
IT Risk Analyst Resume Examples & Samples
- Support the technology controls and assessment framework, leveraging standard tools and processes to identify control, process, and application issues / deficiencies. Identify framework efficiency and effectiveness opportunities
- Develop presentation materials and reports for the team and senior management business and technology stakeholders; work closely with the technology teams to collect and track an array of metrics required for reporting
- Lead small-to-medium scale projects and deliver presentations with minimal supervision
- Experience working with JAVA and COBOL applications on the risk perspective
- Understating of the mainframe environment is a plus
- Proficient in Microsoft Office (especially Excel and PowerPoint) and Microsoft SharePoint
- Articulate the business value and impact of technical and non-technical information and understand when to escalate issues
- Demonstrate organizational and time management skills with the ability to adapt and adjust to changing priorities and to manage multiple assignments with challenging / conflicting deadlines
- Proficient communication, consensus-building, interpretation, analytical, and negotiation skills
- CRISC, CISSP, or CISM/CISA certifications a plus
56
IT Risk Analyst, AVP Resume Examples & Samples
- Carry out IT Risk Assessments and related tasks
- Work with the control owner to improve control strength
- Track open risks to insure remediation plans have been executed to mitigate the risk
- Promote an understanding of IT Risk roles, processes and activities
- Analytical and rigorous
- Reactive and adaptive
- Straightforward and clear communicator
- Strong understanding of financial institutions
- Strong excel skills for in depth analysis
- Any one or more of the following certifications: CISM, CRISC or CISSP
- 3+ years in Financial Services
- 3+ years in a relevant Risk or Audit function
57
IT Risk Analyst Resume Examples & Samples
- Demonstrate solid knowledge on technology processes within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks (i.e. COBIT 5)
- Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues
- Minimum 5 years of work related experience in technology
- Strong understanding of technology processes, risks and issues including infrastructure, information security, SDLC and Service Management (knowledge within cloud computing is preferred, specifically AWS)
- Capable of identifying, evaluating and mitigating significant risks within an enterprise
- Basic knowledge of SOC2 attestation reports
- Must have and maintain at least one of the following certification: CISSP, CISA, CRISC or equivalent designation
- Strong oral and written communication skills and ability to work well with others and in a collaborative, complex and fast paced environment
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals
58
IT Risk Analyst Resume Examples & Samples
- An understanding of risk and management controls in a FTSE100/250 or equivalent entity
- Exposure to industry quality management frameworks and ‘lean’ principles
- Awareness of project management techniques
- Process management of a control environment for IT systems and procedures
- Use of MS Office suite of applications
- Familiarity with Tableau, SharePoint, JIRA and Confluence
- Ability to communicate effectively with global stakeholders
59
Senior IT Risk Analyst Resume Examples & Samples
- Strong understanding of NIST Cybersecurity Framework (CSF), GLBA, SOX, PCI, and FFIEC requirements
- Experience in developing, maintaining, and maturing enterprise business continuity plans
- Experience in crisis response coordination
60
Endur IT Risk Analyst Resume Examples & Samples
- Working with business representatives who are the subject matter experts in their area
- Continuous improvement to achieve a future state vision; across people, process and technology accommodating both business and functional requirement
- Support and enhance the solutions for the business in their local region
- Work with Application Developers and /or Application Vendors to test / validate application changes to the solutions