Principal Technical Risk Analyst

Overview

Responsible for overseeing the identification, assessment, and mitigation of technical risks across the organization's systems, infrastructure, and technology stack. This role involves working closely with cross-functional teams to implement strategies that minimize risks while ensuring compliance with internal policies and external regulations. Responsible for identifying, evaluating, and mitigating technical risks associated with projects, systems, or technologies within an organization. This role combines technical expertise, risk management skills, and leadership to ensure that technical risks are managed effectively, safeguarding the company's operations, data, and reputation. Work independently to interpret and develop solutions to complex business challenges that have a significant impact on the function or branch. Specialized skill set and proficiency with procedures and techniques. Recognized as an expert in own area within the organization.

• Lead the assessment of technical risks in existing systems and upcoming projects
• Evaluate technologies, infrastructure, and processes for potential vulnerabilities and failure points
• Conduct in-depth analysis of risks related to software, hardware, cybersecurity, data integrity, and operational processes. Use qualitative and quantitative methods to rank risks by impact and likelihood
• Develop and implement mitigation plans to reduce identified technical risks
• Collaborate with engineering, IT, and product teams to execute risk mitigation initiatives effectively
• Lead the response to technical incidents that present risks to the organization, including root cause analysis and action plans to prevent recurrence
• Provide clear, concise reports to senior leadership, outlining key technical risks and mitigation progress. Serve as the point of contact for all technical risk-related matters
• Ensure that all technical activities are compliant with regulatory requirements and internal governance frameworks. Collaborate with legal and compliance teams to stay updated on relevant laws and standards
• Lead and drive ongoing risk management improvements through process optimization, technology upgrades, and staff training. Recommend proactive measures to preempt potential risks
• Assess and manage risks associated with external vendors and third-party services. Ensure that third-party technologies comply with organizational security and risk standards
• Work closely with the security team to ensure that technical risks related to cybersecurity are identified, evaluated, and mitigated. Help implement security protocols, audits, and response strategies
• Lead risk management training programs to ensure employees are aware of potential technical risks and are equipped to prevent and respond to incidents
• Maintain accurate documentation of risk assessments, mitigation plans, incident responses, and any actions taken. Ensure these records are accessible for auditing purposes

• Bachelor's or Master's degree in Computer Science, Information Technology, Engineering, or a related technical field or equivalent combination of training, education and experience
• Subject matter expert within business area/specialization with understanding of interrelationships of different disciplines
• Significant experience in risk management, IT, cybersecurity, or a related technical field
• Proven experience managing large-scale technical projects with high levels of risk
• Significant experience working in regulated industries is a plus (e.g., finance, healthcare, government)
• Significant knowledge of IT systems, software development, cloud technologies, and cybersecurity best practices
• Significant knowledge of risk management frameworks such as NIST and ISO 27001
• Ability to assess complex technical systems and identify risks through both qualitative and quantitative analysis
• Proven ability to lead cross-functional teams, manage stakeholders, and communicate risk effectively at all levels of the organization
• Excellent verbal and written communication skills, with the ability to translate technical risks into business language for non-technical stakeholders
• Strong critical thinking and problem-solving skills to identify, assess, and mitigate risks in a dynamic environment
• Significant Crisis Management experience
• Significant Cybersecurity & IT Governance experience
• Significant Vendor Risk Management experience
• Advanced Communication & Leadership skills
• Advanced knowledge of Regulatory Compliance

• Master's Degree in related field or equivalent combination of training, education and experience.
• Certified Information Systems Security Professional (CISSP)
• Certified Risk and Information Systems Control (CRISC)
• Project Management Professional (PMP)
• Certified Information Systems Auditor (CISA)