Information Risk Management Analyst III

We are seeking a detail-oriented and proactive Technology Risk Senior Analyst to join our dynamic team. Reporting to the Program Director, IT Risk Initiatives, the Technology Risk Senior Analyst will be responsible for validating the data and processes for all Information Risk Management (IRM) metrics.

Responsibilities:

• Evaluate the people, processes, and technologies supporting the information risk management metrics in the Path-to-practice program

• Perform risk and controls self-assessments for ETS business processes, including Incident and Problem Management, Business Continuity Management, Disaster Recovery, Identity and Access Management, Cloud Management, IT Asset Inventory Management, Application Security, Vulnerability Management, Data Loss Protection, Cryptographic Safeguards, Logging and Monitoring, and Network Security

• Review processes and controls supporting how data used to calculate metrics is sourced, transformed, and reported

• Analyze and review metric automation logic to identify gaps and suggest improvements

• Perform data validation and re-calculation of reported metrics

• Make sound and actionable recommendations based on independent judgment and knowledge

• Document end-to-end process narratives and SOPs for underlying processes supporting the metrics

• Use Microsoft Visio or Lucid Chart to map out process steps

• Ensure documentation meets Client's standard of quality

• Collaborate with Second Line Assurance and Internal Audit on assurance projects impacting IRM metrics

• Research, learn, and apply knowledge of next-generation technologies to stay current and promote credibility with partners

• Work collaboratively within and outside ETS to achieve program objectives

Must Have Skills:

• 3+ years of experience in Technology Audit, SOX IT Audit, or Technology RCSA

• Strong understanding of controls, audit, and risk management

• Professional certifications in audit or information risk management, such as CISA, CISSP, CISM, GIAC, CRISC (preferred)

• In-depth knowledge of audit methodologies, control test execution, risk, and remediation efforts

Required Soft Skills:

• Excellent problem-solving and analytical skills, including the ability to conduct client meetings, gather evidence, and independently document workpapers

• Highly analytical with strong organizational and problem-solving abilities

• Strong written and verbal communication skills, with the ability to collaborate effectively with multiple stakeholders

Education:

• Bachelor’s degree in Information Systems, Computer Science, or Information Systems Auditing