
IT Risk Analyst (Controls)

Equiliem

Atlanta (GA)

Remote

USD 80,000 - 110,000

Full time

4 days ago

Job summary

An established industry player is seeking a skilled IT Risk Analyst to enhance its risk management program. This role involves developing and testing IT security controls, managing the IT risk register, and ensuring compliance with regulatory frameworks. The ideal candidate will possess strong analytical and communication skills, enabling them to effectively present findings to both technical and non-technical stakeholders. Join a forward-thinking team that values collaboration and continuous improvement in IT risk management processes, and play a vital role in shaping the future of cybersecurity within the organization.

Qualifications

  • 3-5 years of experience in IT risk management or regulatory compliance.
  • Strong working knowledge of NIST frameworks and IT General Controls.

Responsibilities

  • Develop, test, and maintain IT security controls.
  • Conduct control assessments and document findings.
  • Manage the IT risk register and ensure compliance.

Skills

IT Risk Management
NIST Frameworks
GRC Platforms
Analytical Skills
Communication Skills

Education

Bachelor's in Information Technology
Bachelor's in Cybersecurity
Bachelor's in Risk Management

Tools

AuditBoard

Job description

**Remote, ideal candidate will be local to one of the following locations: Atlanta, GA / La Vista, NE / Scottsdale, AZ / St. Petersburg, FL**

*Must have experience building controls*




The IT Risk Analyst is responsible for developing, testing, and maintaining IT security controls and managing IT risk-related documentation. This position focuses on compliance with frameworks such as NIST CSF, NYDFS NYCRR 500, and Regulation S-P while leveraging GRC platforms to assess and manage IT risks effectively. This position will manage the IT risk register, oversee control assessments, and ensure accurate reporting of risks.



The ideal candidate will have a proven ability to write and present clear assessment reports and develop thorough documentation. This role requires a balance of technical knowledge, analytical skills, and the ability to communicate findings to technical and non-technical stakeholders. This position offers the opportunity to work with cross-functional teams, engage with senior leadership, and contribute to a growing risk management program.



Responsibilities

IT Controls Development and Testing

* Design, document, and test IT controls derived from NIST frameworks (e.g. CSF, SP 800-53), NYDFS NYCRR 500, and Regulation S-P.

* Conduct control assessments, document findings, and support remediation efforts.

* Write detailed and well-organized reports on IT control assessments, findings, and recommendations.

* Partner with IT teams to identify and mitigate gaps in control implementation.



GRC Platform Utilization

* Use a GRC platform to conduct IT control assessments, document findings, and manage the IT risk lifecycle.

* Ensure accurate and timely updates to the IT risk register using GRC tools.

* Develop dashboards and reports from the GRC platform to provide insights to stakeholders.



IT Risk Register Management

* Maintain the IT risk register, tracking control and IT risk issues, mitigation efforts, and resolution timelines.

* Conduct regular reviews of the risk register to track progress and prioritize remediation efforts.

* Generate periodic reports on risk trends, control effectiveness, and issue resolution for management and governance committees.



Regulatory Compliance and Reporting

* Monitor regulatory updates and adjust IT controls and risk processes to ensure compliance.

* Support internal and external audits and regulatory reviews, preparing evidence and responding to queries.



Collaboration and Continuous Improvement

* Contribute to the enhancement of IT risk management processes, tools, and methodologies.

* Contribute to the development of IT risk policies, procedures, and training materials.

* Provide guidance and training to other team members on risk and control-related topics.



Required Qualifications

* Bachelor's degree in information technology, cybersecurity, risk management, or a related field.

Significant practical experience will be considered in lieu of degree.

* 3-5 years of experience in IT risk management, IT security, or regulatory compliance.

* 3+ years of experience with IT General Controls rationalization and testing on Information Technology (i.e., Active Directory, Firewalls, Routers, Infrastructure, Databases, Logging, Monitoring, Change Management, Segregation of Duties, Cybersecurity, Application Security, IT operations, Network Security, and Cloud Computing).

* Strong working knowledge of NIST frameworks (e.g., CSF, SP 800-53).

* Proficiency in using GRC platforms to manage IT risk registers, control assessments, and tracking remediation efforts.

* Demonstrated ability to write and present detailed assessment reports and create comprehensive documentation.

* Excellent analytical and communication skills, with the ability to present technical concepts clearly.

* Effective communication skills, both written and verbal, with the ability to convey complex concepts to diverse audiences.



Preferred Certifications, such as:

o Certified Information Systems Auditor (CISA).

o Certified Risk and Information Systems Control (CRISC).

o Certified Information Systems Security Professional (CISSP).

* Experience with risk management in regulated industries (e.g., financial services).

* Proficiency in using AuditBoard to manage IT risk registers, control assessments, and tracking remediation efforts