Overview
As a Technology Risk Analyst, you will play a critical role in supporting the firm's enterprise risk management framework by assessing, monitoring, and reporting on technology risks. You will be responsible for validating that the firm's technology and cybersecurity practices are aligned with internal standards, regulatory requirements, and applicable best practice.
You will need strong collaboration and communication skills to drive consensus with various technical and business teams and facilitate cross-team activities to completion. Your ability to effectively listen to and engage your co-workers will allow you to build a fruitful network of relationships, increasing your influence and impact. Your technical acumen will enable you to understand our complex technical environment and the unique risks that it may sometimes present. Your passion for cybersecurity and technology coupled with your innate curiosity will fuel your drive for constant learning. Finally, your creativity and drive to deliver will enable you to seek solutions beyond rigid frameworks and conventional wisdom to create and deliver solutions that uniquely fit SIG.
In this role you will:
• Conduct thorough assessments of technology and cybersecurity risks across the organization, including emerging risks related to new technologies and changes in the threat landscape.
• Develop, implement, and continuously monitor key risk indicators (KRIs) and other metrics to identify potential technology and cybersecurity risk issues and ensure timely escalation and reporting.
• Support the development, implementation, and enforcement of technology and cybersecurity standards and procedures in alignment with regulatory requirements and industry best practices.
• Work closely with the 1st Line of Defense, IT teams, and other stakeholders to assess the effectiveness of technology controls and to ensure risk mitigation strategies are effective.
• Prepare and present comprehensive reports on technology risk findings, including risk assessments, incident reviews, and recommendations for improvement, to senior management and relevant committees.
What we're looking for
• 5+ years of relevant work experience in technology and/or cybersecurity risk management or IT audit.
• Experience applying a strong understanding of the following subject areas in managing and advising on technology and cybersecurity risks and risk treatment options:
o Risk management principles, such as risk tolerances/appetites, anatomy of a risk, and risk treatment options.
o SOC 2 controls design and/or testing
o BCP/DR best practices
o Software development life cycle techniques and best practices
o Modern cybersecurity threat tactics, techniques, actors, and motives.
o Cybersecurity defense strategies and practices that make up an effective security program.
• Strong listening, communication and collaboration skills to effectively partner with technical and business teams.
• Experience in planning and coordinating activities toward a common goal across various departments and teams.
SIG is not accepting unsolicited resumes from search firms. All resumes submitted by search firms to any employee at SIG via email, the Internet or directly without a valid written search agreement will be deemed the sole property of SIG, and no fee will be paid in the event the candidate is hired by SIG.