ETRA Sr Technology Risk Analyst

Job Description:

The Role
Enterprise Technology Risk & Analytics (ETRA) group is seeking a passionate and driven professional to assist with coordination of regulatory operations and ETRA strategy and reporting activities. This role will require strong relationship and networking skills to collaborate with various teams including Enterprise Cybersecurity, Corporate Audit, Corporate Risk, Compliance, Vendor Management, Ethics Office and Enterprise Business Resiliency.

Primary Responsibilities

• Facilitates Top-Down Risk Assessments by entity and tracks application, database and server inventory by entity to meet regulatory requirements.
• Provides exam & client inquiry support.
• Tracks Internal Audit, SII, and PROE action plan progress, and coordinates/tracks Information Technology General Control (ITGC) assessment statuses.
• Completes quarterly KPI Reporting and coordinates monthly CIO Reporting.
• Supports the ETRA Brunch & Learn Series, Newsletter, etc.
• Performs all processing related to the NPH Program
• Formulates/publishes/tracks annual Risk Mindset Training
• Facilitates the tri-annual certification process for the Controls CoE

• 4-6 years' experience in information technology risk, cyber security, controls or audit roles
• Experience in regulatory controls is a plus
• Bachelor's degree in computer science, technology, or a related field of study preferred
• Professional technology and associated risk certifications a plus (CISSP, CISA, CRISC, CISM)
• Experience performing technology risk assessments, or IT Audits
• You have a strong knowledge of information technology processes and controls and a comprehensive understanding of risk, quality control and assurance functions.
• Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk using your advanced analytical and critical thinking skills
• Your ability to build and maintain collaborative working relationships with business partners
• Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development and monitoring of controls
• Knowledge of Industry standards, frameworks and best practices, such as NIST SP 800-53, COBIT, AICPA Trust Principles, ISO27001, HITRUST is preferred
• Knowledge of Governance, Risk, and Compliance (GRC) tools, such as Archer
• Your excellent verbal and written communication skills enabling you to prepare and present recommendations to business partners

• Conducting in-depth information technology risk assessments including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
• Assessing the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation
• Monitor and report on quarterly KPIs/KRIs for ETRA
• Understanding and consulting on information security standards and industry best practices as it relates to regulated entities
• Liaison with Internal and External audit teams, tracking of internal and external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution.