The IT Risk Analyst will support IT Risk functions to meet the strategic goals of our IT Risk program, supporting a highly dynamic, fast-paced, and diverse organization. Reporting to the Manager of IT Risk, you will help write and enforce IT Risk policies and procedures supporting a scalable approach to risk mitigation during rapid IT service delivery. Key to success is your knowledge of minimizing risk in IT services delivery to support the growth of digital services at TSC.
Essential Duties and Responsibilities (Minimum of 5% of time spent)
- Implement standard operating procedures in an IT Risk Management program that follows a standards-based framework.
- Help mature IT risk procedures that enforce company policies and standards.
- Conduct formal IT risk analysis and assessments to minimize risk to critical information systems and data.
- Work with team members across TSC to collect IT and risk materials to fulfill audit, compliance, and regulatory requests.
- Monitor resolutions to audit findings relating to IT, Information Security and Privacy.
- Assist with third-party risk assessments, make risk recommendations, and communicate results to business, technology, and legal partners.
- Report IT risk success criteria and performance metrics for IT operational procedures.
- Assist with security/privacy policies and standards development.
- Help create and implement action plans to address risk and security issues during development, integration, and deployment of technology solutions.
- Assist with the oversight of IT risk and security controls within cloud environments.
- Assist with managing the Security Awareness Program for the company.
- Assist with the delivery of IT risk, security, and privacy services to the company.
Qualifications
Experience: 2+ years of IT Governance, Risk, and Compliance experience.
Education: Bachelor’s degree in computer science or a related field from an accredited college or university. Any suitable combination of education and experience will be considered.
Professional Certifications: CISSP, CISA, CRISC, CISM, SANS GIAC, or another relevant security or governance certification(s) desired.
Other knowledge, skills, or abilities:
- Hands-on experience supporting IT risk management programs using NIST, FAIR, ISO or other relevant IT control frameworks
- Experience with PCI, SOX, IT General Controls, change management, data privacy, CCPA, third-party risk management, identity and access management, cloud security, IaaS, PaaS, SaaS
- Good analytical, problem-solving, project management, and planning skills
- Collaborative skills and ability to work well within a team
- Ability to work with and influence peers
- Ability to work in a fast-paced and deadline-oriented environment
- Self-motivated with attention to detail, deadlines, and reporting
- Experience with IT GRC-related tools: ZenGRC, ServiceNow and OneTrust. Audit Command Language (ACL) and integration experience is preferred.
- Experience in Retail, Big 4 IT Audit, Internal IT Audit, and Security Consulting is preferred.
Working Conditions
Flexible / Hybrid working conditions.