Qureos


Position Summary

The position of IT Risk Analyst is responsible for participating in IT compliance and risk management initiatives. The candidate should demonstrate a basic understanding of IT risk, the ability to maintain quality service standards set by the organization, the desire to learn, and a willingness to work with organizations outside the department.

Minimum Qualifications (Education, Experience, Skills)

  • Bachelor’s Degree in Computer Science; or coursework in IT, Security, or Risk Management.
  • 2 years’ experience in IT Security, Vendor Management, or Risk Management.
  • Information security and/or risk certification(s) desirable.
  • Track record of producing quality deliverables under limited supervision.
  • Sufficient organizational skills to be able to prioritize concurrent projects effectively and meet deadlines and commitments.
  • Effective written and verbal communication skills and positive interpersonal skills.
  • Basic-level Microsoft Word, Excel, and PowerPoint skills.

Essential Duties and Responsibilities

  • Under the guidance of the Chief IT Compliance and Risk Officer, schedule and participate in risk management meetings for branch risk assessments, vendor risk assessments, and application user access reviews as a representative of IT Compliance and Risk.
  • Perform branch risk assessments on a scheduled basis. Assessment activities shall include evaluating physical and logical security posture, conducting training for branch employees, and completion of a branch security risk report.
  • Perform vendor risk assessments as assigned. Work with vendors and business owners to gather documentation and develop vendor remediation plans.
  • Perform application user access reviews for critical applications. Work with business owners to develop remediation plans.
  • Participate in the peer review process for risk assessments. Work with IT Compliance and Risk team members to help ensure the accuracy of risk reports.
  • Acquire proficiency within the Quantivate GRC portal as it pertains to IT GRC risk assessments and risk register functionality.
  • Following prescribed SLAs, ensure timely completion of all tasks. Escalate non-compliance with SLAs to the Chief IT Compliance and Risk Officer.
  • Create metrics and reports to regularly report on the health of assigned activities.
  • Assist in the design and presentation of security education and awareness training as required.
  • Ensure all assigned programs have documented procedures which are current and relevant for the program.

Other Duties and Responsibilities

  • Participate in security and/or risk related committees as required.
  • Perform other duties as assigned.
  • Assist with IT compliance initiatives as assigned by the Chief IT Compliance and Risk Officer.

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use hands and fingers to handle or feel objects, tools, or controls and talk or hear. The employee is frequently required to stand and reach with hands and arms. The employee is occasionally required to walk; sit; climb or balance; and stoop, kneel, crouch, or crawl.

The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

The noise level in the work environment is usually moderate.


Monday - Friday: 8:00am-5:00pm
Saturday - Sunday: OFF
Full time - 40 hours/week
