Technology Risk Analyst

The Technology Risk Analyst is a critical role within the Risk Management group at WEX. This role will directly support our Technology SOX, SOC1, SOC2, and HITRUST audits. This role works closely with technology practitioners in the first line of defense as well as our internal and external auditors.

Support various IT Audits and Examinations including operational audits, SOX, SOC1, SOC2, and HITRUST.

Work closely with Internal Audit and External Audit teams to facilitate all interactions with technology practitioners.

Ensure Audit requests for evidence are satisfied in a timely and complete manner.

Schedule, plan and lead technology process walkthroughs with control owners and internal audit groups.

Facilitate meetings, take meeting minutes, document issues and actions for resolution.

Track all technology control issues, ensure management corrective action plans are defined, address the root cause of the issue and oversee progress of remediation.

Facilitate general awareness and training related to SOX, SOC1, SOC2, and HITRUST.

Perform Technology Control Assessments in support of SOX, SOC1, SOC2 and HITRUST.

Advise technology practitioners on the proper design and implementation of Technology Controls (example: Identity & Access Management, Change Management, Backup Operations, Network Operations, Job Scheduling, Incident Management, and Logging & Monitoring)

Develop, track and report on results of work using our GRC tools.

As needed perform risk and deviation analysis on identified audit issues to understand root cause of failure, overall impact to the organization and identify mitigating and compensating controls in place to manage the risk.

Experience you'll bring

Education: Bachelor’s degree in a related technical discipline, or the equivalent combination of education, technical certifications, training, or work experience required.

Experience: 5 years of related experience in IT risk management, internal audit, project management or IT Governance required.

Understanding of broad technology concepts such as: Access Controls, Disaster Recovery, Change Management, IT Service Management, IT Security, Cloud technologies, and Information Security controls.

Knowledge of Risks and Controls framework and methodologies.

Successfully complete a background investigation.

Preferred Qualifications

Financial services industry experience, consulting, Regulatory/ IT Audit, Big 4, or IT service management preferred.

Relevant certifications such as CRISC, CGEIT, CISA, and CISSP preferred.

Complexity :

Works on problems of diverse scope where analysis of data requires attention to detail and evaluation of identifiable factors.

Demonstrates good judgment in selecting methods and techniques for obtaining solutions.

Networks with senior internal and external personnel in their own area of expertise.

Strong oral and written communication skills to work effectively with employees of all levels of the organization. Must be comfortable driving conversations related to risk and controls with teams of varied backgrounds.

Highly organized with the ability to prioritize and multitask.

Normally receives little instruction on day-to-day work, general instructions on new assignments.

About the Team/Role

The Technology Risk Analyst is a critical role within the Risk Management group at WEX. This role will directly support our Technology SOX, SOC1, SOC2, and HITRUST audits. This role works closely with technology practitioners in the first line of defense as well as our internal and external auditors.

• Support various IT Audits and Examinations including operational audits, SOX, SOC1, SOC2, and HITRUST.

• Work closely with Internal Audit and External Audit teams to facilitate all interactions with technology practitioners.

• Ensure Audit requests for evidence are satisfied in a timely and complete manner.

• Schedule, plan and lead technology process walkthroughs with control owners and internal audit groups.

• Facilitate meetings, take meeting minutes, document issues and actions for resolution.

• Track all technology control issues, ensure management corrective action plans are defined, address the root cause of the issue and oversee progress of remediation.

• Facilitate general awareness and training related to SOX, SOC1, SOC2, and HITRUST.

• Perform Technology Control Assessments in support of SOX, SOC1, SOC2 and HITRUST.

• Advise technology practitioners on the proper design and implementation of Technology Controls (example: Identity & Access Management, Change Management, Backup Operations, Network Operations, Job Scheduling, Incident Management, and Logging & Monitoring)

• Develop, track and report on results of work using our GRC tools.

• As needed perform risk and deviation analysis on identified audit issues to understand root cause of failure, overall impact to the organization and identify mitigating and compensating controls in place to manage the risk.

Experience you'll bring

• Education: Bachelor’s degree in a related technical discipline, or the equivalent combination of education, technical certifications, training, or work experience required.

• Experience: 5 years of related experience in IT risk management, internal audit, project management or IT Governance required.

• Understanding of broad technology concepts such as: Access Controls, Disaster Recovery, Change Management, IT Service Management, IT Security, Cloud technologies, and Information Security controls.

• Knowledge of Risks and Controls framework and methodologies.

• Successfully complete a background investigation.

Preferred Qualifications

• Financial services industry experience, consulting, Regulatory/ IT Audit, Big 4, or IT service management preferred.

• Relevant certifications such as CRISC, CGEIT, CISA, and CISSP preferred.

Complexity :

• Works on problems of diverse scope where analysis of data requires attention to detail and evaluation of identifiable factors.

• Demonstrates good judgment in selecting methods and techniques for obtaining solutions.

• Networks with senior internal and external personnel in their own area of expertise.

• Strong oral and written communication skills to work effectively with employees of all levels of the organization. Must be comfortable driving conversations related to risk and controls with teams of varied backgrounds.

• Highly organized with the ability to prioritize and multitask.

• Normally receives little instruction on day-to-day work, general instructions on new assignments.

The base pay range represents the anticipated low and high end of the pay range for this position. Actual pay rates will vary and will be based on various factors, such as your qualifications, skills, competencies, and proficiency for the role. Base pay is one component of WEX's total compensation package. Most sales positions are eligible for commission under the terms of an applicable plan. Non-sales roles are typically eligible for a quarterly or annual bonus based on their role and applicable plan. WEX's comprehensive and market competitive benefits are designed to support your personal and professional well-being. Benefits include health, dental and vision insurances, retirement savings plan, paid time off, health savings account, flexible spending accounts, life insurance, disability insurance, tuition reimbursement, and more. For more information, check out the "About Us" section.Pay Range: $83,000.00 - $110,000.00

We simplify complex payment systems for fleets, corporate payments, and healthcare—unlocking insights, opportunities, and efficiencies to give you greater control of your business.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.